IDAHO NATIONAL TRANSPORTER
Idaho Transportation

Forrest Anderson, ITD Cyber Security Officer

The subject line of this particular message was “See the Dancing Bunnies.”
In an instant, life for Bubba was forever changed. With the delivery
of that e-mail something magical had happened. Bubba no longer cared
about how much work he had to do, or even that it was almost lunchtime.
All Bubba wanted or cared about was to see the Dancing Bunnies. There
are several alternate endings you could write about Bubba and the Dancing
Bunnies. Some may have happy endings where Bubba lives happily ever
after with the sweet memories of the Dancing Bunnies. Some may have
dark and tragic endings because Bubba’s management and the IT
support staff didn’t share his enthusiasm for the Dancing Bunnies.

I tell you that story in order to remind you of this one. The Bagle e-mail worm, of which there were dozens of variants, managed to propagate itself across many organizations' networks worldwide. One particular variant of the Bagle worm came as an e-mail with an encrypted, password-protected, zipped file attachment. The password was revealed in the message body of the e-mail, and the recipient was instructed to open the attachment, enter the password to decrypt and unzip the file, and then to ‘double click’ on the enclosed executable file to see the ‘Dancing Bunnies.’

That takes a fair amount of conscious effort. Being able to generate the kind of determination it takes to follow these steps is the art of motivation.

Once executed, the worm would disable security software and then download malicious code from a Web site in a foreign country. It would then send copies of itself to addresses found on the victim’s computer, further perpetuating the process. These kinds of malicious applications, with many different names like Bagle, Zhelatin and Storm, can spread globally in just a few hours.

The tactics used by the spreaders of these viruses and worms are called “social engineering.” The message needs to change constantly to get past the e-mail filters, but it also must be sufficiently clever or deceptive to get past the users’ defenses, pique their curiosity or greed, and then get users to click on the attachment or link.

Sometimes it’s not just curiosity or greed. Sometimes it’s a real sense of responsibility that gets him. “Click here now” reads the e-mail; “Retrieve your greeting card,” “important message just for you,” “download the latest updates to protect your computer, your company, your boss, your first born child…” Bubba clicks, even though subconsciously he knows better. “Ha Ha! Gotcha!” say the Dancing Bunnies.

Some of these e-mails are not so clever and are easily recognized for what they are. But some are not. They may appear to be legitimate or seem to be from a trusted source. There is an ongoing struggle between those who create these exploits and those who defend against them. The tools to detect malicious e-mail are getting better. The layers of defense are getting deeper. But the strategies of deception and the costs of being deceived are getting better and higher as well.

Ultimately, the last line of defense is, and will continue to be for the immediate future, at the desktop … in the hands of Bubba… “Stop. Think. Click.”

If you have questions related to Cyber Security, or want to make comments or express concerns, you can contact the Cyber Security Officer – Forrest Anderson, 334-8158, or e-mail him at: forrest.anderson@itd.idaho.gov or cybersecurity@itd.idaho.gov

Published 10-19-07
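
A mail filter cannot scan the contents of an encrypted ZIP like the one the Bagle variant above used, but the entry names and the encryption flag stay readable without the password. The check below is an added example, not part of the original article; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".cpl")  # assumed policy list

def encrypted_executables(raw_message: bytes) -> list[str]:
    """Return names of executable entries inside encrypted ZIP attachments."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not payload.startswith(b"PK\x03\x04"):
            continue  # not a ZIP, whatever the declared MIME type says
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            continue
        for info in archive.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted entry.
            # The entry name itself is stored in the clear.
            if info.flag_bits & 0x1 and info.filename.lower().endswith(RISKY_EXT):
                hits.append(info.filename)
    return hits

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; the attachment holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("bunnies.exe", b"constructed placeholder, not a program")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The stdlib cannot write encrypted ZIPs, so set the flag by hand in
        # the central directory record (flags sit 8 bytes past its signature).
        data[data.rfind(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "See the Dancing Bunnies"
    msg.set_content("The password for the attachment is 12345")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="bunnies.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(encrypted_executables(build_sample(encrypted=True)))
```

A gateway would quarantine or strip any message for which this returns a non-empty list, since the contents cannot be scanned and the user is being asked to run them.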