![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
lostcarparkSeveral new variants of some of the fastest spreading computer viruses have recently appeared. The interesting thing about them is that they're avoiding email virus scanners by hiding in password protected Zip archives, with instructions to open them with the password specified in the body of the message.
Now you'd think that by now users should be suspicious of viruses in attachments, and if a random stranger sends you an encrypted, password protected Zip file asking you to open it, enter the password, and run the executable inside, you might think twice about it.
But if the amount of virus email I've been getting in the last couple of days is anything to go by, it would seem that the message still isn't getting through to an awful lot of users. Network managers and administrators have been trying to drum into their users "don't open attachments", but clearly when told to do something by an email message, far too many of us will blindly follow.
We can be critical of Microsoft for leaving holes in Windows, but in this case the blame falls solidly at the feet of users (and managers for not getting through to their users).
I'm sure it won't take virus scanners long to catch up, and will learn how to find passwords in message bodies, but until the end users learn not to trust anything in an email attachment, the virus writers will always have the advantage.
Now you'd think that by now users should be suspicious of viruses in attachments, and if a random stranger sends you an encrypted, password protected Zip file asking you to open it, enter the password, and run the executable inside, you might think twice about it.
But if the amount of virus email I've been getting in the last couple of days is anything to go by, it would seem that the message still isn't getting through to an awful lot of users. Network managers and administrators have been trying to drum into their users "don't open attachments", but clearly when told to do something by an email message, far too many of us will blindly follow.
We can be critical of Microsoft for leaving holes in Windows, but in this case the blame falls solidly at the feet of users (and managers for not getting through to their users).
I'm sure it won't take virus scanners long to catch up, and will learn how to find passwords in message bodies, but until the end users learn not to trust anything in an email attachment, the virus writers will always have the advantage.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2004-03-04 04:20 am (UTC)eg. If you get an email from someone you don't know, be suspicious of what it says. If you get an email from someone you know that doesn't sound like them, be suspicious(1). When in any doubt at all, ask someone who knows more than you do(2).
(1) None of the people I know ever email me with an attachment that says anything like "Your bill" or "Check this out!" - they address me first, usually, have some pleasantries, then tell me what is being attached, and sign their name. I expect in the future virus writers will get better at faking this kind of thing, but at the moment, it's a good acid test.
(2) Of course the danger here is that the people who know more than them actually don't know very much at all. I'm thinking of those friends of my mother's who "know everything about computers".
no subject
Date: 2004-03-04 04:33 am (UTC)I'm expecting that we'll get viruses soon that can read through your email folders and use its AI to write a convincing email in the style of the person it's immitating. Maybe I should make this post friends-only in case I'm giving virus-writers ideas.