For Viruses, You Are the Weakest Link

June 6, 2001 -- What if they launched a computer virus and nobody noticed?

Computer security experts say the new “Miss World” virus floating around the Internet today can completely erase a computer’s hard drive if the recipient opens the e-mail’s attached file.

But most anti-virus authorities aren’t particularly worried.

Miss World, it seems, like many recent viruses, isn’t hard to stop or even “particularly sophisticated,” says Patrick Martin, development manager for Symantec’s Anti-Virus Research Center.

In fact, Martin and other Internet security experts note that programmers’ “social engineering” tricks are more important than complex programming schemes to spread bad bugs these days.

“They’re getting more creative in the ways they’re trying to get people to double click on the attachment,” says Martin. “All of them use interesting wording.”

Last year’s infamous “I Love You” virus, for example, spread rapidly because the e-mail it was attached to appeared to be a genuine sign of affection from someone the recipient knew.

Last month’s Homepage virus generated a similarly corrupt e-mail with a plea to “check out” a Web site.

Such well-crafted tricks are simple to create — and help keep well-known viruses circulating.

Open the Files, Spread the Problem

Both the Anna Kournikova and the more recent “Jennifer Lopez” viruses are variations of the “I Love You” bug and even use the same social “hook”: open the files to supposedly view illicit pictures of the mentioned stars. But what you’re really doing is spreading the problem.

Yet the J-Lo virus didn’t do anywhere near the damage of the one named for the tennis beauty, which circulated last February.

And that’s probably because computer users — especially high-volume power users like large corporations — are wising up to the virus-spreader’s tricks.

Jerry Freese, director of intelligence at security consulting firm Vigilinx in Parsippany, N.J., says corporate network managers “are getting smarter” about stopping clever but simple bugs.

In today’s alert about Miss World, for example, Vigilinx notes that any filtering mechanisms on a corporate network should detect the hazardous attachment and strip it out of the e-mail prior to activation by a user.

Symantec’s Martin says his company still receives reports “several times a week” about such crafty bugs. But socially engineered viruses may be on the decline.

“Virus writers recognize that social engineering has a good impact now,” says Martin. “But it will die out as people become more aware.”

In their place, Martin and others are noticing much more sophisticated viruses that borrow some elements from socially engineered bugs.

A virus known as W32.magister uses some elements of social engineering to help infect other computers. But unlike other simple bugs, this virus is “polymorphic” — it randomly changes the e-mail’s subject line and how the virus interacts with the infected computer, making it harder for filters to find and stop.

And given the millions of people who are jumping online and accessing the Net, it may take a while for such viruses to disappear completely. “It will probably be another year or two before everyone understands not to open an attachment in e-mail,” says Martin.

In other words, when it comes to fast-spreading viruses, people are still the weakest link.