A Thrill-Packed Tale Of A Virus Near-Miss - InformationWeek
Commentary, 5/10/2005 11:51 AM
Mitch Wagner


I just got hit with my very first instant-message attack, the Oscarbold/Doyorg Trojan. I'm sure I'll see more. One thing I found interesting about the experience was the way that the attack circumvents our normal mental security defenses.

Like most of you, I pride myself on having developed a fairly good ear for phishing and other forms of e-mail attacks. I follow some common-sense rules:

- Nobody at Washington Mutual, eBay or PayPal really wants to have my login and password information. I don't even do business with WaMu, and I hardly ever use eBay or PayPal.

- If I get an e-mail seeking valuable information like a credit-card number or Social Security number, the first thing I ask myself is whether I was expecting this e-mail. Is it coming from a company I actually do business with? Did I just do a transaction with these guys recently? Does it make sense they'd be e-mailing me now? If the e-mail is expected, I check the URL carefully to see if it matches the legitimate URL I know.

So far, no e-mail message has ever passed the previous test. I rarely get e-mail purporting to be from a company I actually do business with seeking my Social Security number or credit-card number. And when I do get such a message, it turns out the URL in the message is obviously fraudulent.

- In addition to those tests, I rely quite a bit on writing style to determine whether a message is legitimate. When Microsoft sends a security alert, it doesn't read like it was written by a 17-year-old from Eastern Europe with only a rudimentary grasp of English.

You should also rely on technical security barriers, of course, including anti-virus, anti-spyware, anti-spam, and firewall software and hardware. But don't disregard the importance of the security wetware between your ears.

But the Oscarbold/Doyorg Trojan almost got through my defenses anyway.

The attack came to me in the form of an AOL IM message that appeared to come from a co-worker. "i thought youd wanna see this," is what the message said, and the word "this" was a hyperlink to an external site.

This guy usually sends me valuable stuff. And the message seemed legit. So I clicked the link. And was sent to a page in my Firefox browser that said the Web page was sending me a file — did I want to download it, or open it right away? I spoke the words of the immortal Lt. Uhura: "Sorry, neither," and I clicked "cancel."

And avoided a major pain in the neck.

If I'd been running different software, I'd be cleaning the mess off my computer right now. One of my colleagues is. Like me, he runs the Firefox browser, so we can't blame this one on Internet Explorer. The difference between his set-up and mine: he runs the America Online instant message client, and I run the GAIM IM client. GAIM saved me.

Lessons learned: Think about giving up public instant-messaging networks like AOL's. Instead, use a private network for business instant messaging. If you must use a public network, avoid the standard client if you can; use a multi-purpose client like GAIM (the one I use) or Trillian.

More importantly: We have to start using our mental security defenses on IM messages now. With e-mail, we can be careful of messages that seem to come from illiterate people. In IM, it's trickier because people often write IMs in haste, and neglect to proofread, capitalize, correct spelling and use proper punctuation. So the usage errors in the earlier IM wouldn't have clued me in even if I were on the lookout for them.

One clue that I'll watch for in future IMs: hyperlinks embedded in the message text (in the attack message, the ordinary word "this" was itself the clickable link). Nobody I know sends hyperlinks like that; we all just send links as plain text, like this: http://www.securitypipeline.com/.
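As an added example (not from the article), here is a small Python heuristic that mechanises the two clues above: the e-mail rule that a link's visible URL must match the destination you actually know, and the IM rule that a plain word which is secretly a hyperlink is suspect. It assumes message bodies arrive as HTML fragments; the sample messages and the host example.invalid are constructed placeholders.

```python
"""Added heuristic for two clues from the article: a link whose visible URL is
not its real destination, and an IM in which an ordinary word is clickable.
Assumes message bodies are HTML fragments (what AIM clients rendered); the
samples below are constructed and example.invalid stands in for the attacker."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".com")  # never expected from a chat link

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the fragment."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_warnings(message_html):
    """Return the reasons a message deserves a second look (empty if none)."""
    parser = _AnchorCollector()
    parser.feed(message_html)
    warnings = []
    for href, text in parser.anchors:
        if text == href:
            pass  # honest link: the visible text is the destination itself
        elif re.match(r"https?://", text):
            # The e-mail case: a URL you recognise, pointing somewhere else
            warnings.append(f"visible URL {text} differs from destination {href}")
        else:
            # The IM case: a plain word ("this") carrying a hidden destination
            warnings.append(f"link text {text!r} hides destination {href}")
        if urlparse(href).path.lower().endswith(RISKY_EXTENSIONS):
            warnings.append(f"destination is an executable file: {href}")
    return warnings

SAMPLES = {  # constructed sample messages
    "trojan_style": 'i thought youd wanna see <a href="http://example.invalid/pics.scr">this</a>',
    "plain_link": "here it is: http://www.securitypipeline.com/",
    "lookalike": '<a href="http://example.invalid/login">http://www.example-bank.com/</a>',
}
```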

This was my first personal encounter with an instant message infection. I'm sure I'll be seeing more.

Mitch Wagner is editor of Security Pipeline
