Sharing the Blame for Email Virus Outbreaks

Lots of people, from leaders of companies to kids surfing the 'Net, share the blame for letting the simple Anna Kournikova virus wreak havoc. Learn how to stop the next outbreak.

Email administrators have some explaining to do if their companies lost work time because of last week's outbreak of the Anna Kournikova virus (aka OnTheFly, SST, or Kalamar_A). After last year's LoveLetter virus outbreak, email administrators have no excuse for letting an email-borne virus disrupt productivity. They've had plenty of time to implement any or all of the following preventive steps that would have slowed down the Anna virus or stopped it in its tracks.

Change the registry to show all file extensions so that users can clearly see when they're running a .vbs file. While you're at it, consider changing the default behavior so .vbs files open in Notepad rather than run as scripts.

Install software to block .vbs file attachments at the mail server.

For Microsoft Outlook 2000, apply Office Service Release 1/1a (SR1/1a), which includes an Attachment Security Update to force users to save potentially dangerous files before opening them. (Unfortunately, the versions of this patch for Outlook 98 and Outlook 97 do not protect against inadvertent running of .vbs files.)

If you can handle the consequences for your third-party and in-house custom applications, deploy the Outlook E-mail Security Update for Outlook 2000 and Outlook 98.

Some antivirus product manufacturers should search their souls, too. The Anna virus used no new techniques and exploited no new vulnerabilities. Apparently written with a known virus toolkit, it exploited the all-too-obvious method of fooling unwitting users with a double file extension—jpg.vbs. Yet, to stop Anna, some antivirus software developers scurried to distribute a new set of virus definitions. The best products isolate potentially infected messages based on virus patterns, not the newest virus's particular subject line or file attachment name. If your antivirus software is only as good as your last update, it's not good enough.

Policy makers must shoulder some responsibility, too, for Anna's disruptions. When the LoveLetter outbreak hit, upper management in every organization should have recognized the value of a good antivirus protection plan—and system administrators with training and resources to carry it out. Did your management demand such a plan and provide your system administrators the wherewithal to implement it?

That plan should involve user education and responsibility. Does your company have a policy that requires users to report suspected viruses? Are employees penalized for taking risky email actions? I heard that one firm sent home two employees for 5 days without pay because they spread the LoveLetter virus.

Too harsh, you say? You'd fire someone for sabotaging your company's network, wouldn't you, and perhaps bring criminal charges? Take a cue from the traffic courts: If an employee demonstrates ignorance of computers by spreading a virus, remove logon privileges until the worker completes a safe-computing course that includes simulations of actual computer-security scenarios. You'll make your point with workers if you rank correct computer conduct along with other objectives in annual performance evaluations.

I don't expect ISPs to require safe computing licenses before they let individual users sign up for accounts, but schools should be teaching good mail practices along with how to search the Web and stay out of trouble in chat rooms. Kids can learn to identify possible viruses and avoid getting carried away with Internet hoaxes.

And by the way, do your own kids know better than to open an unsolicited file attachment?

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.