The real story of Email worms and Viruses

May 27th, 2000

I never thought I'd see the day when mail-borne viruses became national news, but that day has come. Recent outbreaks of the ILOVEYOU virus and a few copycats, and now another visit of the Melissa virus, have got us on our toes around here. Here's a basic explanation of how these things work, what they do, and a point or two you may have missed if you got all of your news from the major media networks.

A virus is any program that inserts itself into your computer, or programs running on your computer, in an effort to take some control of your system. It may do this in order to do damage, or maybe just to play a little joke on you. Most of the viruses that get major attention do some damage, like deleting files from your system so that it will no longer operate properly. The virus may also attempt to make copies of itself and place those copies on any diskette you write to on your system. But its primary job is to do damage or to get noticed.

A worm is somewhat different. The primary job of a worm is to make copies of itself and send them into the world by any means possible. Whereas viruses alter individual computers, worms clog up networks by sending out hundreds or thousands of copies of themselves, clogging up communications between computer systems on the Internet. This is the type of malicious program that has been making all of the news lately.

The fact that these worms use email to propagate is especially interesting. Email programs are designed to compose, send, receive, and display text messages from one party to another through the Internet. Only lately has the ability to use fancy formatting and to display pictures come along.

Note to well-informed critics: yes, this is a simplification. Worms and Viruses share many attributes and, in the wild, have taken a variety of forms. The first Internet Worm was released by Robert Morris Jr. in November of 1988. It attacked Digital Equipment VAX computers running VMS, and actually used flaws in the TCP/IP protocol to launch copies of itself on other VMS systems. The program would create copies of itself in memory while propagating itself, eventually filling up all available memory and bringing the infected system to its knees. If interested, see: The Robert Morris Internet Worm

And today, most email programs can run a program sent to you by another person. This is how viruses and worms can get to you through email. As you know by now, the only way to run a virus from your email program is to click on the attachment that contains the virus. There have been a few cases where just viewing a message could cause damage, but these were rare and were fixed rather quickly by the program vendors.

Social Engineering

The ILOVEYOU worm was most interesting because many people could not resist running it. It certainly was an education for many. What I found even more interesting was that fewer than fifteen ZiaNet customers were affected by it at all. Reading the news reports, I noticed that the majority of damage in this country was done to large bureaucratic institutions. Government offices from the Pentagon to the Centers for Disease Control and military (MIL Network) centers were hit first and hardest. Why? As luck would have it, I spent about fifteen years working in such organizations & I can tell you why. Every one of those buildings is full of offices that are full of cute little eight and a half by eleven photocopies of jokes or cartoons, faxed, couriered, Fed-Xed, or emailed from all over the place. This is why Xerox stock is still so valuable. Many of these folks find time in their busy day to brighten the lives of friends and associates. An ILOVEYOU message sure did the trick. But there is another important factor.

Poorly reasoned Engineering

Here is what you may not have read about. Only one kind of email program is affected by this family of worms: Microsoft Outlook. And what email program do you suppose the US Government buys for all of its organizations?

Outlook and Outlook Express are friendly, easy to use email programs that do practically everything that you would want an email program to do. The problem is that they can also do more than you would like your email program to do. All Microsoft desktop programs have VBS built into them. Visual Basic Script is a really good idea. It allows Microsoft Word and Microsoft Excel, for example, to have a conversation about your project, exchange information required to do the job, and put the results together in a very easy to use document. It's magical stuff, & in the hands of a good programmer there can be no limit to the magic. The downside of this is that any programmer, or even a person with little or no programming skill, can patch together something dangerous from examples of other people's VBS code. This is what ILOVEYOU did. It was easy because VBS is built into Outlook so that you can do something really neat: like have Word send out a copy of the morning report to everyone on your address list. What the ILOVEYOU worm did was allow a total stranger, with your innocent acquiescence, to mail a copy of itself to everyone on your address list, plus modify or damage certain files on your system, and attempt to download some other program to your system from the Internet. This was a cheap trick, but in a way it was very crafty too.

Most of the staff at ZiaNet recommend Netscape Communicator. It is also friendly, easy to use, and does everything you want to do in email, but not more. VBS is not built in. It is still possible to run a program that can do all of those nasty things to your system, but it is not nearly so easy for another person to craft such a program. The advice your mother gave all those years ago still stands true. Do not take candy from strangers. If someone sends you a message with a program attached, ask yourself a few questions and make some intelligent decisions: If you do not know the sender, do not click on the attachment. Delete the message. If you do know the sender, look for an explanation, in language that they would normally use, of what the attachment is and why they sent it to you. When in doubt, reply with a question.
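
The attachment advice above, written as a mail-side check (an added example, not part of the original article): it lists attachments whose final extension is a program or script type and then applies the known-sender rule. The extension list, the sample message and the names `risky_attachments` and `triage` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Program/script extensions (assumed list, not from the article).
RISKY = {".vbs", ".vbe", ".js", ".wsf", ".exe", ".scr", ".com", ".bat", ".pif"}

# Constructed sample message; the attachment body is a harmless placeholder.
SAMPLE = """\
From: Pat Example <pat@example.com>
Subject: morning report
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

see attached

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.txt.vbs"

placeholder bytes, not a real script
--BOUND--
"""

def risky_attachments(msg):
    """Return filenames of attachments whose final extension is in RISKY."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Only the last extension decides how the file is opened,
        # so "report.txt.vbs" is a script, not a text file.
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY:
            found.append(name)
    return found

def triage(raw, known_senders):
    """Delete program attachments from strangers; ask known senders first."""
    msg = message_from_string(raw)
    flagged = risky_attachments(msg)
    if not flagged:
        return "deliver", flagged
    sender = parseaddr(msg.get("From", ""))[1].lower()
    verdict = "ask-sender" if sender in known_senders else "delete"
    return verdict, flagged
```

A known sender only earns the "ask-sender" verdict, never automatic trust, because a worm that mails itself to an address list arrives from people the recipient knows.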

The fact is, it is not really that easy to get a virus while using the Internet. You have to download a copy of a malicious program and run it on your computer. Do not download illegal copies of software. Do not download "neato" screen savers and such unless they come from a trusted source. Beware of programs delivered in email.

I recently added a little article on how to disable VBS and ActiveX scripting in Outlook Express. Many thanks to customer Don V for suggesting this.

'Hope this helps,
-- Thomas.

The views expressed here do not necessarily represent those of ZiaNet, Inc., the owners or employees, or anyone considered a socially functional individual within the norms established by 21st century public education. caveat emptor.