Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Mostly Quiet Weekend -- Educating Users on Mass Mailing Viruses

Published: 2004-06-13
Last Updated: 2004-06-14 14:32:20 UTC
by Scott Fendley (Version: 1)
0 comment(s)

Though the weekend has been quiet, there has been some traffic from various sources about new email borne mass-mailing viruses, or the fallout of those viruses. This provides a good time to remind those in security that people are still falling for the same old tricks in email.



Neglecting the worms that break through vulnerabilities in the OS or email browser, we still have way too many new viruses that are spread by click-happy end users. The new methods used by virus writers recently (like forging the from address from any of the ones found on the computer in many locations) has proved to be very difficult to explain to the masses of less tech savvy users. The same old tricks eem to continue to come up over and over and over again, and yet the message seems to have not changed from the security community.
1) Keep your patches and antivirus definitions updated quite frequently.

2) Do _NOT_ open attachments that you were not expecting or can confirm was sent intentionally through other means (ie phone or yelling over a cubicle wall...etc).




Though this is a rehash of what most of us know already, it is well worth taking a time out during this seemingly quiet summer and see if we can find a better way to get the point across to the masses of individuals that are not security minded. For those in the University / Academia world, we have a matter of a couple of months to prepare for the onslaught of highly clever students who have not been properly educated on safe computing habits (freshman).
If the amount of traffic I have personally seen is any measure, it is my belief that we are loosing the battle on educating our users. Is it time to look for better ways of educating our end users on the dangers of attachments? Probably so. What exactly needs to be done, is not known at this time. But the facts of the matter are this. 1) Virus writers continue to become even more sneaky with the mass mailing virus breed. 2) Users continue to run programs they receive from email. 3) There will always be a lag time between discovery of a virus and the time that definitions are made available for AV software. With those 3 issues, the only solution is to tackle this problem without depending on virus definitions for protection. If anyone has any ideas for better getting the point across to end users, please do not hesitate sharing them with the world.

Keywords:
0 comment(s)
Diary Archives