It was a simple e-mail from someone in the InfoWorld art department that tipped me off to the fact that there was evil afoot. Well, OK, there’s always evil afoot, but in this case, the particular evil was the current rebirth of MyDoom. The e-mail asked a question: Was the original e-mail a real attachment from me or was it bogus?
I knew instantly that it was bogus, and reported it as such -- so much for that attempt to infect InfoWorld with MyDoom, at least with this particular message. But there would be plenty of others.
This was notable because the art department staffer involved was aware that worms and viruses were likely to be propagating by spoofing e-mail addresses (mine in this case) and sending an attachment. Normally this is a pretty random event; it had the potential to be a lot worse. After all, I’d just returned from our latest IP PBX test at the University of Hawaii’s Advanced Network Computing Lab, so it wouldn’t have been unreasonable for me to be sending binary attachments to our art department.
Fortunately, our guy was alert -- he paid attention to what dropped into his e-mail box, and questioned something that didn’t look right. This was exactly the right move. Yours truly, on the other hand, wasn’t aware there was anything going on until that e-mail arrived. Partly I can blame jet lag (six time zones is a lot). Partly I can blame the fact that I’d deliberately ignored e-mail during the weekend for reasons having to do with some drugs my doctor had given me for an injury received in Hawaii.
They worked great as painkillers, but caused coherent thought to function on a somewhat lower level than usual. I was trying to spend as much time as possible lying down. Now, before you let your imagination run wild, the injury involved nothing exotic (you can’t win 'em all) but was apparently related to a rental car foisted upon me by Avis (more evil afoot, no doubt).
Fortunately, I was the only one on the staff trying to accomplish better living through chemistry. Everywhere else, alerts were going out, the IT department was moving to crush the attack before it got good and settled, and e-mails were flying, warning the staff what to look out for. As a result, we mostly dodged the bullet.
What’s interesting is that I’m hearing the same thing from other companies as the MyDoom event starts to fade. Yes, Google and some other search engines were hit hard for a day, and some companies found out they were in trouble. But unlike many earlier attacks, IT departments seemed to get their acts together. Even though the first worm-laden e-mails got by most of the virus filters, users had been taught what to look for, and in many cases, took action according to their training. Although plenty of companies and home users got hit badly, it could have been worse. Training and communication worked.
It seems simple after the fact, but it’s not. The success of such virus attacks depends on users not being suspicious of bogus e-mails and attachments. As more users become aware of the consequences of inattention, it’ll be harder for the worm writers to spread their evil. Sure, there are tools to help, but as this attack demonstrates, there’s still no substitute for training and awareness.
