Home > Articles

Bad Things Come in Small Packages

This chapter is from the book

How Viruses Are Transmitted Through Email Attachments


  • The Trusted, the Innocent, and the Seductive

  • All Dressed Up, with Nowhere to Go

  • Not What I Say, But What I Do

  • Beware of Email Bearing Gifts

After spam, viruses are probably the most discussed email problem. Most people are aware of their existence and hear about the major new strains on the mainstream news. Viruses strike fear into many computer users' hearts, who cringe when they imagine files being deleted or corrupted or their computers being damaged.

Viruses and Trojan horses are also misunderstood. Many computer problems get blamed on viruses, often unjustifiably, and sometimes this misdirected blame does more damage than a virus would have. Because most people don't understand viruses and how they work, even hoaxes about viruses have become attacks and caused problems for many people who were never infected.

This chapter discusses viruses and Trojan horses and explains how they are passed through email messages. You learn the real risks and how to protect against them. Also, you look at hoaxes and misdiagnoses and see how to avoid hurting yourself by falling for them.

The Trusted, the Innocent, and the Seductive

Viruses are malicious code that attaches itself to files sent through email as attachments. Although viruses are shrouded in mystery and often attributed almost supernatural powers, they are simply a special type of program. My six-year-old was acting goofy yesterday, and my wife asked him why he wasn't listening. He told her he thought he had a computer virus from opening an attachment. I've been probably talking about the book too much, but many people, like Michael, believe that viruses can do things that are beyond their grasp. Like all programs, they must be run to do any work or, in the case of viruses, any damage. This section shows how email attackers convince you to open virus-infected files and allow the malicious code to run on your computer. By falling for their trap, your term paper, presentation for a big meeting, or the photos from your last vacation can be damaged or even lost forever.

Case Study 3-1

Tina opened her email program to find an email from her sister in Georgia. She clicked on the email and read a short note from her sister:

Subject: Brighten up your day

You've got to take a look at this program. It's hilarious. Let me know what you think.

Tina opened the attachment, a file called funstuff.exe. When she ran it, nothing seemed to happen. She tried again with the same result. Finally, Tina sent an email to her sister, saying that she couldn't open the attachment. Over the next few days, Tina noticed her computer getting slower and slower. She wondered if she needed to get a new computer. She never realized that the attachment she had opened had infected her computer with a virus that was responsible for the speed issues she was having. Buying a new computer would "fix" the problem, but simply dealing with the virus would have the same effect with a lot less cost and hassle.

Case Study 3-2

Ben came to work on Monday morning and logged in to his computer. As he started working through his email from the weekend, he noticed one from Acme Software, a major software company that Ben's company used.

From: support@acmesoftware.com

Subject: Important Security Patch

Dear Valued Customer,

We have just released an important security patch, which is critical for you to install to prevent hackers from attacking and taking over your computer. To get this information into your hands as quickly as possible, we have attached the security patch to this email.

Simply open the attachment, and the security patch will be installed on your computer immediately. We've tried to make this process as quick and painless as possible.

If you know anyone who uses the fine products from Acme Software but might not have registered the products, please forward this email to them. It is important to us that as many people as possible install this security patch before malicious hackers take advantage of them.

Thanks for your assistance in this matter,

Technical Support

Acme Software

Ben installed the security patch and forwarded the email to some friends who used Acme Software products at their companies.

Two days later, Ben was looking for an important file, but there was something wrong. None of his documents were in the directory where he had saved them. As he looked through all his directories, it appeared that all his documents were missing. He called the company's technical support line to find out what was going on.

They informed him that a virus had deleted most of the documents from their servers. The tech support staff was busy upgrading the virus protection software and restoring files from backup tapes. Ben was upset over the damage the virus had done, but he never considered that the security patch he installed had actually been the cuplrit.

Case Study 3-3

The subject of the email message caught Tom's attention immediately: "View Naked Pictures of Britney Spears!!!" Tom looked over his shoulder to make sure no one was around and clicked on the email.

The email didn't contain any pictures of Britney but described a special viewer that would allow downloading the pictures in a manner that couldn't be detected or tracked. Tom had heard rumors of some people being caught with porn on their computers and figured a secure viewer might just be the key.

Another glance over his shoulder, and Tom began installing the viewer. After all, it was Britney. The viewer didn't seem to work correctly, however, and Tom never saw the promised pictures of Britney. Almost immediately, his computer started acting strangely. Some programs that Tom used started crashing or wouldn't load. Tom realized that he had probably gotten a virus from the viewer, but he was afraid if he asked for help, someone would trace the problem back to the viewer. So Tom just kept silent and hoped it would go away.

How the Attack Works

To understand how these attacks work, first you need to understand what a virus is. A virus is simply a computer program with all the same characteristics of any computer program. A virus is written by a programmer, not some mysterious entity with magical properties.

Sometimes users attribute qualities to viruses that are beyond their capabilities. For example, viruses can't live through a reformatting of your hard disk because, like any other program, they'll be deleted. If a virus was inadvertently copied over to a disk and you insert that disk into your computer, you can reinfect the machine, but the original copy of the virus on your computer would have been destroyed.

Also, viruses have bugs, just like all other programs. Sometimes the damage a virus does is unintentional and is actually the result of a bug in the software. Although the result is the same, these programs aren't necessarily the most sophisticated software out there. Often virus developers are copying someone else's code and making minor modifications to it.

Although a virus is a computer program, a distinct characteristic separates a virus from other programs: its capability to replicate. This trait is what makes a virus a virus. Viruses can spread by copying files onto floppy disks, burning CDs, or passing computer files over the Internet or network. Any medium that allows computer code to be passed from one computer to another is fair game for a virus to attempt replication.

The issue most people have with viruses is the damage they cause. However, a virus isn't necessarily built to cause damage. Sometimes the damage is deliberate, sometimes it's accidental, as when a bug causes the damage, and sometimes a virus simply replicates without any other behavior. When a virus does cause damage, whether intentionally or not, it has access to all the files and resources that other computer programs have. Usually this access results in a significant loss of data and time.

In email messages, files passed as attachments can be infected with a virus. When a virus infects a file, it modifies the file in a way that's similar to how you might edit a document. The virus changes the original file so that the virus code becomes part of the file. When a user sends the file, the virus is transmitted as well. When the file is opened, the virus code runs and spreads to the new computer.

As you saw in the case studies, the reasons people have for opening attachments can vary. You might trust the people who send you email, but do you trust their ability to keep their computer free and clear of viruses? Tina trusts her sister, of course, but the file her sister sent might be infected without her knowledge.

Several Christmases ago, a frantic relative across the country phoned me. This relative had sent an email to the entire family and then found out later that the attachment contained a virus. By the time I was called, several family members had already opened the email attachment and infected their machines. The day after Christmas included a run to the mall to pick up a popular virus protection package to install on my father-in-law's computer. Trusting a person and trusting the security of his or her computer are often quite different things.

In Ben's case, getting a patch mailed from a company sounds helpful, but no major company would do this. The risk is too high that someone pretending to be the company is sending a malicious patch. Never trust these types of emails. Whether or not they're a virus or other malicious program, rely on established ways of updating your software. Go to the software company's Web site and download your patches there.

Finally, Tom is a difficult situation, in that he's the most likely to run into a virus and the least likely to report it. Reporting a virus might raise some questions that Tom doesn't want to answer, so he's more likely to keep silent about any potential problems, which actually compounds the problem. As time goes on, the chance of Tom infecting other computers increases substantially.

An Ounce of Prevention

The first and most important rule to help in the battle against viruses and Trojan horses is to avoid opening attachments and clicking on links to install software. If you never open attachments or install software from the Internet, you substantially reduce the risk of virus infection. Of course, there will be times you want to see a picture of your new nephew or install a new game, but if you start out with a cautious approach, you'll be burned far less often. If you need to open an attachment, be sure to protect yourself by following the second rule.

The second rule, which goes hand in hand with the first, is to install and run virus protection software. There are a number of options, with Norton and McAffee being two of the more popular packages. No computer should be without virus protection software. The cost of the software and the time to keep it up to date are minor matters compared to the time and money spent on a single virus attack.

Another important step is to make sure you're running the latest patches on your operating system and applications. The security patches that Microsoft, Apple, and Linux vendors make available for their operating systems often fix the problems that viruses exploit in attacks. If you keep up to date on these security patches, the damage a virus causes to your files, if your computer does become infected, might be limited.

Finally, make frequent backups of your system. If a virus does infect your system and succeeds in causing some damage, a backup could be your only resort. A good backup is important for a number of reasons, but protecting against virus damage should be enough by itself.

By taking steps to protect yourself from these attacks, you help not only yourself, but also those around you. Viruses can spread only by infecting one computer and then being transferred to the next. If enough people take steps to protect against viruses, it becomes more difficult for them to spread. Also, by taking the proper measures, your system can inform you of a virus in an email message, which allows you to inform the sender and minimize the damage that's caused.

A Pound of Cure

If you have already been infected with a virus, the first step is to run a virus protection software package. These software packages typically come with a disk or CD that you can boot from to clean up the virus without allowing it to run. You might also need to download the latest signatures to catch the most recent viruses and variants.

Until your virus problem is cleaned up, limit your use of the computer. Especially avoid sending emails with attachments or other risky behavior that could actually enable the spreading of the virus. It's bad enough to have your system infected. When your friends, family, and co-workers become infected, the problem becomes much bigger.

Finally, if you suspect your system has been infected, backing up the system is still a good idea. The backups might contain the virus and should be destroyed after the virus is cleaned up and a new backup has been made. However, if the virus causes some form of data loss, knowing that the data is safe and protected so that you can try again to remove the virus can be reassuring.


  • Avoid downloading software, especially from sources you're not familiar with.

  • Avoid opening attachments you aren't expecting, especially from sources you aren't familiar with.

  • Install and run virus protection software.

  • Back up your computer.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020