They’re not that clever…
… so why do viruses like Klez-H keep
spreading? David Dorn is worried.
I do some IT consultancy work, on a local basis, to
keep my hand in with networking and other end-user issues. I find
it’s useful as a source of research for penning guides – I get to
find out what users don’t know, which is handy.
Sometimes, though, I discover that users who
ought to know, don’t. And these users are not so much users as
first line support.
Now, if you’ve never worked anywhere where there’s
an IT department that provides first-line troubleshooting and
support, you won’t know that these people – they man the helpdesks –
are supposed to be a cut above your average clerk or salesman.
Unlike the users, whose job it is to either clerk, or sell or
whatever, these support folks are supposed to actually know
about the computers it is their job to maintain. They’re supposed to
be able to identify faults, and fix them.
That is what they’re paid to do.
There’s one company, though, that makes use of my
services, which has a first level support team based elsewhere in
the country. They dial into users’ computers using PC Anywhere-type
software over the Wide Area Network, take over the mouse and
keyboard, and drive the machine, rather than try to talk their users
through what can often be complex procedures.
This company had a problem with one machine. Email
was stuck. The PC’s user placed a call to the helpdesk, and they,
helpfully, dialled in to fix the problem.
While the support person at the other end of the
country was controlling the machine, its user – let’s call her Susan
– noticed that he enabled the preview pane in Outlook
Express. Now, as a matter of course, I had been round all the PCs
onsite and expressly disabled the preview pane – it’s a major
source of nasties like Klez getting a hold on a machine.
I’d also made absolutely sure that everybody in the
company was aware that, virus-wise, OE is not the most bullet-proof
of products, and that they enable the preview on pain of death –
well, a telling off by the boss’s wife, which is nearly as bad.
Susan had a list of about ten emails which she was
having problems reading. So, our intrepid support guy, it seems, who
was talking to her on the phone, reckoned it would be easier to sort
if the preview pane was active. She pleaded with him not to do it,
but he’d already done it. And guess what? The first email on the
list was infected with Klez-H.
Now, although Klez-H is clever, it’s not that
clever. Like most Spam and email-borne viruses, it’s quite easy to
spot that it’s not a kosher message, just by the message subject.
How?
It’s fairly simple, really. Most Spam and
virus-payload emails are designed to catch out the hard of thinking,
and their authors seem to have a very poor opinion of their intended
victims’ ability to be selective in what they read. So, they form
message subjects that read like a two-year-old’s attempt to get
another ice-cream cone.
“Make $$$$$$$ with no effort”, “I thought you’d like
this”, “That file you wanted” and so on – they’re all come-ons to
get you to open an email without thinking. The really clever
come-ons use fear to get you to double-click on them - “Confirmation
of order – Access limit reached”, “Your Visa Credit Limit has been
exceeded, reply required” are two I’ve seen, although there are many
more.
But a second’s thought dismisses these emails as
what they are – electronic chaff, to be discarded unread.
Our unwitting support person, though, decided
against engaging his brain. He should have checked the
message subjects before he even thought of doing anything else. He
should have deleted the obvious spams and virus-laden ones, or at
the very least used the “reply to sender” trick (if you’re really
that curious, you can right-click and select “reply to sender”,
which will open up a reply email, complete with the text of the
incoming mail, each line preceded by a chevron, which negates most
code – so you can see what’s in there without giving any code the
chance to execute).
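
An added example, not part of the original column: the same idea as the “reply to sender” trick, done outside the mail client on a message saved as raw text. It parses the message without rendering it, lists each part, flags attachment types that can execute, and returns the body with a chevron in front of every line. The sample message, the extension list and the function name are constructed for illustration.

```python
from email import message_from_string, policy

# Assumption: extensions treated as executable; extend for your environment.
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".js"}

# Constructed sample message (not a real capture; attachment bytes are a placeholder).
SAMPLE = """\
From: someone@example.com
To: susan@example.com
Subject: That file you wanted
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html

<html><body><b>Here it is</b></body></html>
--BOUND
Content-Type: application/octet-stream; name="report.doc.exe"
Content-Disposition: attachment; filename="report.doc.exe"
Content-Transfer-Encoding: base64

AAAAAAAA
--BOUND--
"""

def inspect_message(raw):
    """Return (subject, parts, quoted_body) without rendering any markup."""
    msg = message_from_string(raw, policy=policy.default)
    parts, quoted = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        parts.append((part.get_content_type(), name, ext in RISKY_EXT))
        if part.get_content_maintype() == "text" and not name:
            # Text is kept as inert source, each line behind a chevron.
            quoted += ["> " + line for line in part.get_content().splitlines()]
    return msg["Subject"], parts, "\n".join(quoted)

if __name__ == "__main__":
    subject, parts, body = inspect_message(SAMPLE)
    print("Subject:", subject)
    for ctype, name, risky in parts:
        print(f"  part {ctype} {name!r}", "<-- executable type" if risky else "")
    print(body)
```
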
As it stands, he didn’t, and the whole network at
the company was suddenly and nastily infected by Klez-H.
It took me the best part of two days to cleanse the
system of all traces of Klez, and I fired an email off to the
support person concerned, and his supervisor, telling him exactly
what I thought of him. In truth, it’s down to people like this that
viruses keep spreading. The rules are simple – we’ve stated them
here often enough, and they should be widely known. But some people
either don’t think, or think that it can’t happen to them. If a
support guy who should know better allows an infection
to occur, what chance for the rest of us?
David Dorn