More on Socially Engineered Viruses

What is a socially engineered virus? It’s one where the subject line and included text of an email are designed to be timely and of specific interest to the recipients, such that they click on the link or open the attachment without hesitation, often without even noticing who the sender is.

CNet News reports that a Trojan appropriately dubbed Storm Worm was released this past Thursday. Within an eight-hour period, hundreds of thousands of people around the globe, mostly in Europe, had opened the attachment. Why? Storm Worm carries the subject line “230 dead as storm batters Europe,” and it was sent when a deadly storm was peaking in Central Europe. People were hungry for news of the violent storm and did not hesitate to click on the attachment, thinking it would give them more news about it. Other e-mail subject lines for it include “U.S. Secretary of State Condoleezza…” and “A killer at 11, he’s free at 21 and…”

People who opened the attachment then unknowingly became part of a botnet. A botnet is an army of commandeered computers, which attackers later use without their owners’ knowledge. The Trojan horse that infected the computers of those who clicked on the attachment created a back door on each computer, which can be exploited later to steal data or to use the computer to post spam.

Even though less than 48 hours have passed since its release into the wild, Storm Worm is already close to being as large as the bigger recorded attacks of 2006. Welcome to 2007’s computing environment, which promises to be a little like Mr. Toad’s Wild Ride, based on its start.

Although Storm Worm is widespread, the damage may ultimately be minimized in the U.S. because, thanks to the time difference, most tech security companies will have already added it to their blocking lists before people get into work. We got lucky this time, folks. But that protection will only reach those who 1) have their virus definitions updated at least once each day, and 2) have an update time that falls after their anti-virus vendor adds the new definition. Obviously, updating the virus definition file several times throughout the day provides much better protection. [Hint: I have mine set to update hourly, on a 24-hour basis.]

The lesson we should learn here is that these socially engineered emails are cunningly designed to overcome our psychological and intellectual suspicions, the very suspicions that normally keep us from doing stupid things with our mouse. So additional education for family members at home and staff at the office is critical, because proper protection isn’t just about using a good anti-virus program. It’s about combining smart, properly trained end users with good software protections. In today’s computing environment, you need both.

Start by sharing this post, and having a discussion about it at your next office staff meeting, or family dinner at home. As they used to say on one of my favorite old TV programs, “Let’s be safe out there!”

