The Latest Virus

It’s true confessions time here at CIO. Last week, I did a terrible thing: I accused my security colleague Scott Berinato of sending me a virus. My vision of the world had been shaken. If I couldn’t count on Scott to update his anti-virus software, just who could I count on?

An e-mail that seemed to come from Scott did, in fact, contain the dreaded Klez worm. But as it turns out, the virus was only pretending to come from Scott. And that’s just one of the ways that Klez smashes all the virus awareness CIOs have been doing for years. Not only does Klez spoof its sender, it randomly selects a subject line and message. As if that weren’t enough, it also attaches itself to files with such everyday extensions as DOC, HTML, RTF and XLS — and the user doesn’t necessarily need to open an attachment to get the virus.

All of which got me thinking about how many e-mails like mine got sent and then, as politely as possible, unsent. Maybe one round of them went like this….

From: Chuck Nelson on 04/29/2002 at 11:37 a.m.
To: All users
Subject: New virus in the wild

The latest computer virus making the rounds is highly destructive and has infected numerous machines here at Multi Mega Corp. Inc. As always, remember: Never open an attachment from someone you don’t know, and in particular, be suspicious of the file extensions VBS and EXE.

Please update your anti-virus software.

Sincerely,
Chuck Nelson
CIO

—-

From: Chuck Nelson on 04/29/2002 at 11:52 a.m.
To: All users
Subject: Fw: New virus in the wild

Contrary to my last e-mail, this virus may actually come from someone you know. Please be suspicious of e-mails that come from people you know, in addition to those that come from strangers. The infected e-mail may have the subject line “Please try again” or “From [name].”

Please update your anti-virus software.

Chuck

—-

From: Chuck Nelson on 04/30/2002 at 2:37 p.m.
To: All users
Subject: Anti-virus software updates

Due to the recent proliferation of viruses at Multi Mega Corp. Inc., IS will be spending the next few days updating the anti-virus software on everyone’s computers.

-C.N.

—-

From: Chuck Nelson on 05/01/2002 at 7:59 a.m.
To: All users
Subject: Please try again

Attachment: salary-proposal.doc

—-

From: Chuck Nelson on 05/01/2002 at 8:17 a.m.
To: All users
Subject: PLEASE DISREGARD PREVIOUS E-MAIL

—-

From: Chuck Nelson on 05/01/2002 at 8:32 a.m.
To: All users
Subject: Viruses

It has come to our attention that the latest virus may appear to come from someone it’s not actually coming from. Also, it uses a random subject line. Please pay close attention to attachments regardless of the subject line and who they come from. Be suspicious of the DOC, HTML, XML, or RTF extensions.

As always, we kindly ask that you update your anti-virus software immediately.

Regards, Chuck

—-

From: Chuck Nelson on 05/01/2002 at 8:33 a.m.
To: CFO’s office
Subject: Re: Please try again

Yes, of course, we’re all upset about the salary information file. The worm grabs a random file from an infected user’s hard drive and attaches it to the e-mail. Please remind your assistant to update his anti-virus software.

Chuck Nelson

—-

From: Chuck Nelson on 05/01/2002 at 8:45 a.m.
To: All users
Subject: Attachments blocked

EFFECTIVE IMMEDIATELY, ALL E-MAIL ATTACHMENTS WILL BE BLOCKED!!!

—-

From: Chuck Nelson on 05/01/2002 at 8:47 a.m.
To: All users
Subject: Re: Attachments blocked — please disregard

Due to input from the executive team, please disregard the previous e-mail. Attachments will not be blocked. We in IS understand that attachments are a very important part of the continued success of Multi Mega Corp. Inc.

Please update your virus definition files.

Charles Nelson, CIO

—-

From: Chuck Nelson on 05/02/2002 at 2:12 a.m.
To: All users
Subject: Virus fighting

Please be on the lookout for e-mails with attachments that seem odd or not right. E-mails without attachments are also suspect. Also, please note that the virus may infect your computer regardless of whether you actually open the attachment.

Please update your anti-virus software.

Chuck

—-

From: Chuck Nelson on 05/02/2002 at 9:11 a.m.
To: John Peterson
Subject: Re: Virus fighting

No, pictures of Rachel’s Las Vegas wedding don’t count as the kind of “odd” things I was mentioning. But please confirm before opening that the pictures are indeed of the wedding and were sent to you by Rachel.

I notice that you haven’t updated your virus definitions lately. Please do so immediately.

C.

—-

From: Chuck Nelson on 05/02/2002 at 9:30 a.m.
To: All users
Subject: Re: Virus Fighting

Just to clarify my previous e-mail, please be on the lookout for the following kinds of e-mails:

- do or do not come from someone you know
- contain attachments you are not expecting, or were expecting but never received
- have a name in the subject line
- have typos, or simple words that are spelled correctly
- contain unexpected information, or information that seems overly ordinary
- appear to come from someone you have not heard from in a while
- arrive overnight or during the business day

Thank you for being on the lookout, and again, PLEASE update your anti-virus software.

-Chuck
