July 30, 2004

Security education works

If you keep trying, teaching people how to detect and deal with malicious code really will pay off

It was a simple e-mail from someone in the InfoWorld art department that tipped me off to the fact that there was evil afoot. Well, OK, there’s always evil afoot, but in this case, the particular evil was the current rebirth of MyDoom. The e-mail asked a question: Was the original e-mail a real attachment from me or was it bogus?

I knew instantly that it was bogus, and reported it as such -- so much for that attempt to infect InfoWorld with MyDoom, at least with this particular message. But there would be plenty of others.

This was notable because the art department staffer involved was aware that worms and viruses were likely to be propagating by spoofing e-mail addresses (mine in this case) and sending an attachment. Normally this is a pretty random event; it had the potential to be a lot worse. After all, I’d just returned from our latest IP PBX test at the University of Hawaii’s Advanced Network Computing Lab, so it wouldn’t have been unreasonable for me to be sending binary attachments to our art department.

Fortunately, our guy was alert -- he paid attention to what dropped into his e-mail box, and questioned something that didn’t look right. This was exactly the right move. Yours truly, on the other hand, wasn’t aware there was anything going on until that e-mail arrived. Partly I can blame jet lag (six time zones is a lot). Partly I can blame the fact that I’d deliberately ignored e-mail during the weekend for reasons having to do with some drugs my doctor had given me for an injury received in Hawaii.

They worked great as painkillers, but caused coherent thought to function on a somewhat lower level than usual. I was trying to spend as much time as possible lying down. Now, before you let your imagination run wild, the injury involved nothing exotic (you can’t win 'em all) but was apparently related to a rental car foisted upon me by Avis (more evil afoot, no doubt).

Fortunately, I was the only one on the staff trying to accomplish better living through chemistry. Everywhere else, alerts were going out, the IT department was moving to crush the attack before it got good and settled, and e-mails were flying, warning the staff what to look out for. As a result, we mostly dodged the bullet.

What’s interesting is that I’m hearing the same thing from other companies as the MyDoom event starts to fade. Yes, Google and some other search engines were hit hard for a day, and some companies found out they were in trouble. But unlike many earlier attacks, IT departments seemed to get their acts together. Even though the first worm-laden e-mails got by most of the virus filters, users had been taught what to look for, and in many cases, took action according to their training. Although plenty of companies and home users got hit badly, it could have been worse. Training and communication worked.

It seems simple after the fact, but it’s not. The success of such virus attacks depends on users not being suspicious of bogus e-mails and attachments. As more users become aware of the consequences of inattention, it’ll be harder for the worm writers to spread their evil. Sure, there are tools to help, but as this attack demonstrates, there’s still no substitute for training and awareness.

©1994-2009 Infoworld, Inc.