Preventing Trojans and Worms
Preventing Trojans and worms takes end-user awareness, antivirus software, and prevention techniques.
Don’t Run Unknown Executable Content
To prevent Trojans and worms from compromising a PC, don’t ever
run unknown or untrusted executable content. Most Trojans and worms
arrive via email these days. This means don’t ever click or
execute files with the following extensions: (.EXE, .COM,
.BAT, .CHM, .SHS, .VBS, or .JS
). There are even more
potentially malicious extensions than this list, but they are the
main ones used by Trojan writers today. The most common Trojan
arrives as a joke executable. No matter how fun the sender says it
is, don’t run it. Send back a polite email telling them you
never execute email attachments.
So far, you can safely click on graphic or video files (e.g.,
.JPG, .MPG, .AVI, .GIF, .BMP
, etc.) without the
threat of executing malicious code. But be wary of graphic files that
are embedded within executables or executables renamed to look like
graphic files. Worms have arrived as an attachment called
PICTURE.EXE
. Some Trojans take advantage of the
fact that Windows machines do not show known file extensions by
default. Hence, PICTURE.JPG
can really be
PICTURE.JPG.EXE
. Don’t click on web links
sent via email unless they point to known, safe sites. The link could
be a short HTML file that downloads a malicious script file.
Although covered in more detail in Chapter 14, if you are a network administrator, you can implement security ...
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.