lostcarpark: (Calvin)
[personal profile] lostcarpark
Several new variants of some of the fastest spreading computer viruses have recently appeared. The interesting thing about them is that they're avoiding email virus scanners by hiding in password protected Zip archives, with instructions to open them with the password specified in the body of the message.

Now you'd think that by now users should be suspicious of viruses in attachments, and if a random stranger sends you an encrypted, password protected Zip file asking you to open it, enter the password, and run the executable inside, you might think twice about it.

But if the amount of virus email I've been getting in the last couple of days is anything to go by, it would seem that the message still isn't getting through to an awful lot of users. Network managers and administrators have been trying to drum into their users "don't open attachments", but clearly when told to do something by an email message, far too many of us will blindly follow.

We can be critical of Microsoft for leaving holes in Windows, but in this case the blame falls solidly at the feet of users (and managers for not getting through to their users).

I'm sure it won't take virus scanners long to catch up, and they will learn how to find passwords in message bodies, but until the end users learn not to trust anything in an email attachment, the virus writers will always have the advantage.

Date: 2004-03-03 06:58 am (UTC)
From: [identity profile] ramtops.livejournal.com
the stupidity of lusers can never be under-estimated.

Date: 2004-03-03 06:59 am (UTC)
From: [identity profile] ang-grrr.livejournal.com
I got one of those today but it was sent from the mini-air address.

The one I stupidly opened at home [1] was sent from the email address of a friend. Wasn't a password one though.

Not random strangers at all.

[1] I use OE for cable mail and newsgroups

Date: 2004-03-04 02:53 am (UTC)
From: [identity profile] lostcarpark.livejournal.com
Okay, I admit it can be an easy trap to fall into. And it probably wasn't even your friend's computer it was sent from, but rather a third party who has both you and them in their address book.

However, the message probably said something like "Hi, I thought you might like this," which when you think about it isn't something someone who knows you is really likely to say.

I'm sure you won't fall into the same trap a second time.

People are learning. I got a call from my Mum last night, saying she'd got a couple of attachments from people she didn't know with messages telling her the password to use to open them, and checking that she should delete them. You can guess what I told her...

Date: 2004-03-04 03:48 am (UTC)
From: [identity profile] ang-grrr.livejournal.com
The message actually said "information" and as I had earlier told the same person that they could email me for further details about something I opened it without really thinking about it.

Which was the problem. I didn't even look at what type of attachment it was.

Ultimately it was my inattention that was to blame but, and this is the point I was trying to make, any of us can have an off day.

Date: 2004-03-04 04:02 am (UTC)
From: [identity profile] lostcarpark.livejournal.com
I'm hopeful that current efforts will lead to an end of email address spoofing (making it more or less impossible to send an email with a from address that's not part of the server you're sending it from). This will make this sort of thing a lot harder (so when a friend has a virus, it will only be able to send emails from their address, meaning we can warn them when we receive them). But at the end of the day, user vigilance is essential. But yes, we all have our off days.

Date: 2004-03-03 10:07 am (UTC)
From: [identity profile] crazysoph.livejournal.com
Anything that arrives with attachments always is queried directly back at the sender, if I know them. Deleted without prejudice if I don't.

This is not rocket science.

*bangs head against desk*

Crazy(And you've been on the receiving end of even something as mild as sending me large picture files without warnings, I think. You were very kind in response, thank you.)Soph


Date: 2004-03-04 02:55 am (UTC)
From: [identity profile] lostcarpark.livejournal.com
Yes I've learned my lesson since then. I rarely send people anything they didn't explicitly ask for, and as often as not will send a web link rather than the actual file.

Date: 2004-03-04 12:49 am (UTC)
From: [identity profile] etherealfionna.livejournal.com
I'm always loath to blame users, because things can be complicated enough, especially when they are older: there are a lot of rules they are supposed to follow, and mainly those rules aren't explained in a way that they understand ("don't open any attachments" isn't very explanatory unless you're also told what an attachment is, and until you actually get one, you're not going to remember what it is and what you're supposed to do with it). Add to that the fact that their grandchildren might be sending them emails from accounts called "greentomato" or something, rather than a name they recognise, and that viruses can come disguised as from someone you know (the ubiquitous mail from Mary saying "Look at this!") then it isn't really that easy.

I've heard it suggested that no MS Word or Excel attachments should ever be opened, which in my opinion illustrates why users will also ignore advice from IT experts - if I get an email from my boss with a Word file attached, I'm not going to reply to him and ask him to reformat into plain text, it's unreasonable to expect people to have to do additional work in that way.

Oh, look at that: I think you touched a sore point :-)

Date: 2004-03-04 02:46 am (UTC)
From: [identity profile] lostcarpark.livejournal.com
Okay, you make some very valid points.

First of all, the biggest portion of blame rests with the virus writers. If there is a hell, I'm sure there is a particularly appropriate punishment being prepared for them.

Some of the blame must be shared by the architects of email, for not anticipating how it could be abused. But the internet was a very entity a quarter of a century ago, and it would be hard to anticipate these problems. Current efforts to prevent email address spoofing should go some way to preventing this, but will have an effect on the way we use the internet, since any of us who send email from a different location to where our domain is located are probably using address spoofing without realising it.

It's hard to blame the virus scanner writers. Password protected Zips are encrypted, so it's impossible to see inside them without the correct password. I'm sure they'll be quickly updated to look for that password in the message body, which will stem the flow until the virus writers find a new trick. However, having a scanner installed can lure people into a false sense of security. Scanners can only find things they know about, and new viruses spread so fast the scanners can't keep up. And unfortunately there are still too many people who practice "unsafe surfing".

Some of the blame definitely rests with the software industry, largely for making things too easy. There was a time when to receive a binary by email you had to download the text from a bunch of messages (because a lot of servers couldn't handle messages over 64K), run them through a program called UUDecode (which was a command line utility), which produced the binary file. This was difficult enough that you had to have a good idea of what you were doing, and you had to have a good idea that it was going to be worth the effort.

It is definitely the fault of the industry, whether it be publishers, retailers, network managers, support staff, or whoever the end user's point of contact with the industry is, that the message isn't getting through to the users. You're right, many users have difficulty understanding what attachments are, but the general message needs to be that email must be treated with suspicion until you're sure of the identity and intentions of the sender.

So the user is at the end of the chain, but they are a vital link in that chain. It is up to us to educate them, but as long as there are people who will open attachments without being sure of what they are, the virus writers will find new ways of spreading the seeds of their damaged minds.
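
The check discussed in the post and in the comment above (a scanner that notices an encrypted Zip and looks for its password in the message body), sketched as an added example that is not part of the original thread or any scanner's own code. The names `inspect_message`, `password_candidates` and `RISKY_EXT`, the regular expression and the sample message are all assumptions made for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed policy list

def build_sample() -> bytes:
    """Constructed sample: a zip attachment whose 'encrypted' bit is set by hand
    (zipfile cannot write encrypted archives); the payload is harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.exe", b"not a real program")
    raw = bytearray(buf.getvalue())
    raw[raw.index(b"PK\x01\x02") + 8] |= 0x01  # flag bits in the central directory
    msg = EmailMessage()
    msg["Subject"] = "information"
    msg.set_content("Please see the attached file.\nPassword: 48213\n")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="info.zip")
    return msg.as_bytes()

def password_candidates(body: str) -> list[str]:
    """Tokens that follow 'password' or 'pass' in the body text."""
    return re.findall(r"pass(?:word)?\s*(?:is|:|-)?\s*(\S{3,32})", body, re.I)

def inspect_message(raw: bytes) -> dict:
    """Flag encrypted zip attachments and collect password hints from the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    report = {"encrypted": [], "risky": [],
              "candidates": password_candidates(text)}
    for part in msg.iter_attachments():
        data = part.get_content()
        if not isinstance(data, bytes) or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():    # entry names are readable without the password
                if info.flag_bits & 0x1:  # bit 0: this entry is encrypted
                    report["encrypted"].append(info.filename)
                    if info.filename.lower().endswith(RISKY_EXT):
                        report["risky"].append(info.filename)
    report["quarantine"] = bool(report["risky"]) or bool(
        report["encrypted"] and report["candidates"])
    return report
```

Traditional Zip encryption leaves the file names in the archive directory unencrypted, so the executable name can be flagged before any password is tried. A scanner that wants the contents can hand each candidate to `ZipFile.read` through its `pwd` argument.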

Date: 2004-03-04 04:20 am (UTC)
From: [identity profile] etherealfionna.livejournal.com
I'm beginning to think that the message should be changed altogether, kind of amalgamate the rules to cover how you deal with spam as well as how you avoid viruses.

eg. If you get an email from someone you don't know, be suspicious of what it says. If you get an email from someone you know that doesn't sound like them, be suspicious(1). When in any doubt at all, ask someone who knows more than you do(2).

(1) None of the people I know ever email me with an attachment that says anything like "Your bill" or "Check this out!" - they address me first, usually, have some pleasantries, then tell me what is being attached, and sign their name. I expect in the future virus writers will get better at faking this kind of thing, but at the moment, it's a good acid test.

(2) Of course the danger here is that the people who know more than them actually don't know very much at all. I'm thinking of those friends of my mother's who "know everything about computers".

Date: 2004-03-04 04:33 am (UTC)
From: [identity profile] lostcarpark.livejournal.com
I think the rule should be "where email is concerned, be suspicious..."

I'm expecting that we'll get viruses soon that can read through your email folders and use its AI to write a convincing email in the style of the person it's imitating. Maybe I should make this post friends-only in case I'm giving virus-writers ideas.
