I got an email the other day from an ex-coworker of mine. It had a Subject: line which practically screamed “I am spam! Delete me!” but I never get spam at work so I opened the letter. (The subject was “This will CRACK you up!”, I think.) Then I recognized her cutesy email address.
I found an attachment called Calvin1.gif. Does that mean it’s safe? I mean, I’ve never heard of a virus being in a .gif file, which if I’m not mistaken is just a picture (like a jpeg but not the same format). But I’m not sure that just because it says it’s a .gif that it actually is a .gif. Couldn’t the name be a lie?
To give you some background, this coworker was fired for borrowing stuff from the office without asking (not exactly the same thing as stealing, since the stuff was all returned in good condition, but it’s pretty clear why she got the axe). So I’m wondering if she is trying to release some pent-up rage at the company by sending me a virus which will screw up our network. I don’t think she’d do that, but I am pretty paranoid.
So my basic question is, is it always safe to open a .gif? (If not, I’ll just throw it out and ask her to describe it to me over the phone.)
Don’t open it. You can hide an executable file as an image file by giving it a strange name like this: calvinpee.gif.exe Notice the last ‘.exe’? That is the extension the PC sees, so it will open the file as an executable, even if you only see an image file extension. If you do not trust it, do not open it.
Look at the icon. If you are running a Windows or Mac OS, then the file should have a picture of something for an icon. If the icon is a GIF icon (check it against something you know is a picture) then it is a picture. If not, it may be an executable.
You can also tell Windows (I don’t know about Macs) to display all the file extensions, so you can see if it is an exe or not. Other file extensions not to trust include .vbs, which is a visual basic script, and was used for some of those email viruses.
Or you could just ask your friend if she meant to send it to you.
Just to add on to what iam and Derleth said: if you’re computer is not set to show file extensions (technically I believe you need to uncheck the option to “hide file extensions for known file types”) then something like iamavirus.gif.exe would hide the exe and only show the gif extension. Double clicking would then run the executable. There was a virus a few months back that masqueraded as a txt file for all the wiseasses like me that insist “you can’t get a virus from a text file.”
If you’re showing all extensions then you’re probably safe. Yes, famous last words, I know…
a) If it is a Mac, file extensions are just part of the file name and are always displayed; they also don’t play a central role in telling the OS what type of file the file is. A Mac “executable” (application) does not need any extension at all, or could have a totally misleading extension (I could rename “Netscape® Navigator™” to “Misleading.jpg” and still launch it and browse web sites with it). The Mac OS looks at a pair of four-character codes that exist for every file, called File Type and File Creator, to know if the file is “executable” or, instead, is a document; and, if a document, what “executable” (application) should be used to open it when you double-click on it. The only time the OS pays any attention to file extensions is when there is no useful information to be found in the File Type and File Creator. In such cases, it assumes the file had non-Macintosh origins and looks up what those extensions mean in the Windows or Unix or Amiga world (the table is user-editable). So if you send me a file “MyFace.jpg” from your PC, the OS sees no identifying File Type or File Creator codes so it goes on to check the extension and the lookup table says “.jpg” = JPEG GKON and assigns it those codes, which tell the OS that it is a JPEG that should be opened by Graphic Converter.
b) Macintosh computers are virtually immune to virus-infested email attachments because they are usually written with MS operating systems and file structures in mind. Sending me an .exe file containing code that replace every file in C:\WINDOWS\SYSTEM with empty text files of the same name won’t do me any damage–firstly because it won’t execute and secondly because there is no C drive or WINDOWS\SYSTEM folder anywhere to be found. But if you sent me a Mac application and it was infected with a Mac virus, and I double-clicked it (fooled, perhaps, by the fact that you had renamed it “MyFace.jpg”), I’d be in trouble. (Fortunately there is only a small handful of Mac viruses, most of them over 5 years old, and no more than 4-5 that do any significant damage, NONE that can totally trash your machine).
c) Macs can serve as “typhoid Mary” virus carriers for a small population of PC viruses: macro viruses that can remain embedded in (and even spread under) the Mac versions of programs that exist on both platforms such as MS Word and MS Excel. These viruses don’t do any damage on the Mac (the lack of C drives and whatnot once again) but do rude things if they can wend their way back to PC land.
To elaborate what KK has said, make sure Windows shows files extensions. It’s usually under “View”, “Options” on a Windows Explorer window. Also be sure not to you can see all hidden files.
Your best solution is just to delete the message. Would your life be lacking if you never see that file?
If you are interested, first download the latest virus definition files from your antivirus vendor. Don’t have them? (No computer should be without antivirus protection.) Download InnoculateIT from http://antivirus.cai.com. Get any virus definition updates, too.
Once you’ve updated, scan the file to see if there are viruses. At that point, you can view it (assuming this isn’t something brand new that’s not in your virus definitions).
Well, I didn’t want to get rid of the thing entirely, so I forwarded it to my home email from my work email, and then deleted it from my work email. I figured at least it wouldn’t do any damage while it sat their in my home email folder, and, since I do use a Mac, I figured I was pretty safe, as AHunter3 has explained.
Just now I came home and looked at the email, without purposely opening any attachments. Scrolling to the bottom, I found a bunch of Calvin & Hobbes comics right there in with the text of the email! So I suppose my email software (Eudora) is a little quicker on the draw than I had expected. Anyway, the attachment was a bunch of comics about Calvin making strange snowmen. Very funny. But I am still a little taken aback that the thing opened by itself … maybe I selected an “automatically open pictures” option or something, and I’ve forgotten already.
You probably are allowing html markup. In that case, the e-mail displays like a web page. If there are graphic links, they display also.
I’d turn this feature off. I don’t think it can cause a virus or trojan horse to be activated, but spammers can use it to determine that your e-mail is a legitimate address, and they will flood your mailbox.
Couldn’t you save an attachment to something like “caution.gif”, then open your image viewer and try to open the file from within the viewer, rather than double-clicking
on the icon? Even if it was an executable or had a virus, won’t the viewer just report “unnown file format”, or something like that?
Well that explains a lot. Or some of a lot. I get tons of spam, and I don’t know why since I’m not exactly a slut when it comes to putting out (my email address). Kind of ironic that none of my SDMB friends can email me (my choice of course) but sexyteen@hotmail.com (<- made up email address) can.
I had that very same email, and my PC was fine. Of course, I didn’t actually know there was an attachment (I didn’t check the file size before I opened it, and I didn’t notice Hotmail displaying an attachment symbol), and Hotmail embeds GIFs and JPEGs in the email. Just as well it wasn’t infected, really.