Always Use Protection: A Teen's Guide to Safe Computing

 

Security - Binary Lies

The Novarg (also known as MyDoom or Shimgapi) virus, which hit on Jan 26, 2004, isn't based on a Windows vulnerability. Instead, it relies on trickery to get people to run it.

 

To do this it tries a variety of approaches:

  1. It lies about the sender, making you think it comes from a friend.
  2. It has a vague subject like "Hello" or "Test" that makes you curious enough to look at the contents.
  3. The message is designed to convince you to open the attachment.

For example, it might contain the following message:

 

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
File attachment: document.zip

The attachment name is usually different. If you open the attachment, you get infected.

Binary Attachments

Computers store data as bytes - locations in memory that can hold a value from 0 to 255. Readable text typically takes only a small part of that range. 7-bit ASCII is basically a code that assigns different letters to different numbers. For example: 65 is the letter A, 66 is B, and so on. If you want to send a typical English text message, you can use ASCII, which is understood by any Email reader program. It uses only 7 bits of an 8-bit byte - meaning the values range from 0 to 127. In fact, it doesn't use all of those for text, because some of those characters can't be displayed.

 

However, if you want to send files, like programs or images, you need all 256 byte values. Your Email program encodes the file - converts it into something that looks like garbled text that can be sent via Email. The Email program on the receiving end can convert that text back into a file.

 

If you look at an Email message source, it might look something like this:

 

------=_NextPart_000_006D_01C3E59D.144CF5C0
Content-Type: application/zip;
name="document.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAACAAAAfgAAAAAAAAAA
EAAAgQAAAAEAAAD+////AAAAAH8AAACAAAAA////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
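The encoding described above can be checked directly. The following is an added example, not code from the original page: it builds a constructed message with Python's standard email library, then reports how each part was encoded and whether it actually needed more than 7-bit ASCII. The addresses, the stand-in attachment bytes and the function names are assumptions made for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a zip file: the zip magic bytes plus filler that
# covers every value above 127, which 7-bit ASCII cannot carry.
FAKE_ZIP = b"PK\x03\x04" + bytes(range(128, 256))

# The lure text quoted earlier on this page, wrapped onto two lines.
LURE = ("The message cannot be represented in 7-bit ASCII encoding\n"
        "and has been sent as a binary attachment.")


def is_7bit_ascii(data: bytes) -> bool:
    """True when every byte is in the 0-127 range that ASCII uses."""
    return all(b < 128 for b in data)


def build_sample() -> bytes:
    """Build a constructed message: a text body plus a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"  # constructed; the From line proves nothing
    msg["To"] = "you@example.com"       # constructed
    msg["Subject"] = "Hello"
    msg.set_content(LURE)
    msg.add_attachment(FAKE_ZIP, maintype="application", subtype="zip",
                       filename="document.zip")
    return msg.as_bytes()


def inspect(raw: bytes) -> list:
    """Report, for each MIME part, how it was encoded and whether it had to be."""
    report = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue  # the container itself carries no content
        payload = part.get_payload(decode=True)  # undoes base64 when present
        report.append({
            "type": part.get_content_type(),
            "filename": part.get_filename(),
            "encoding": str(part.get("Content-Transfer-Encoding", "7bit")),
            "fits_7bit": is_7bit_ascii(payload),
            "magic": payload[:4],
        })
    return report


if __name__ == "__main__":
    for row in inspect(build_sample()):
        print(row)
```

The text part is sent as plain 7-bit ASCII, so the lure's own wording fits in the encoding it claims is impossible; only the attachment needs base64.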

 

The Rules

Here's the deal. You can always use ASCII to send an English text message. Only non-text content (like images or programs or documents) needs to be sent as an attachment. So if someone tells you that there is a message that can't be sent in text, it's a lie.

Never open an attachment unless it is one that you are expecting. Remember, you can't be sure that the person in the "From" part of the message really sent it - that could be a lie.

If you're not sure, send your friend an Email (or pick up the phone) and ask if they did send you an attachment.

Once you find out it's really from a friend, you need to ask yourself if you trust that friend - because they may have been tricked as well!

It's also best not to open attachments right away. Wait a couple of days - if you have a self-updating antivirus program on your system, that will hopefully be long enough for it to learn to recognize a virus that may be hidden in the attachment.

 

Want to learn more about ASCII and encoding? The book "How Computer Programming Works" can help.

 


 

 

 

Copyright © 2005 by Daniel Appleman All Rights Reserved.