TRANSPORTER
Idaho Transportation
Department

Office of Communications
P.O. Box 7129
Boise, ID 83707
208.334.8005
Fax: 208.334.8563

 


Beware of the 'Dancing Bunnies'

Forrest Anderson, ITD Cyber Security Officer
Not so long ago in a company not so far away, Bubba was busy at work. While Bubba was busy working, his computer suddenly flashed and said “Ding, you’ve got mail.” This really was not too surprising, because it always does that whenever Bubba gets an e-mail message.

The subject line of this particular message was “See the Dancing Bunnies.” In an instant, life for Bubba was forever changed. With the delivery of that e-mail something magical had happened. Bubba no longer cared about how much work he had to do, or even that it was almost lunchtime. All Bubba wanted or cared about was to see the Dancing Bunnies.
Click, click went Bubba’s mouse…

There are several alternate endings you could write about Bubba and the Dancing Bunnies. Some may have happy endings where Bubba lives happily ever after with the sweet memories of the Dancing Bunnies. Some may have dark and tragic endings because Bubba’s management and the IT support staff didn’t share his enthusiasm for the Dancing Bunnies.
The moral of this story might be that, given a choice between security and Dancing Bunnies, some people will pick Dancing Bunnies every time.

I tell you that story in order to remind you of this one.

The Bagle E-mail Worm, of which there were dozens of variants, managed to propagate itself across many organizations' networks worldwide. One particular variation of the Bagle Worm came as an e-mail with an encrypted, password-protected, zipped file attachment. The password was revealed in the message body of the e-mail, and the recipient was instructed to open the attachment, enter the password to un-encrypt and un-zip the file, and then ‘double click’ on the enclosed executable file to see the ‘Dancing Bunnies.’

That takes a fair amount of conscious effort.

Being able to generate the kind of determination it takes to follow these steps is the art of motivation. Once executed, the worm would disable security software and then download malicious code from a Web site in a foreign country. It would then send copies of itself to addresses found on the victim’s computer, further perpetuating the process. These kinds of malicious applications, with many different names like Bagle, Zhelatin and Storm, can spread globally in just a few hours.
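For the mail administrators reading along, here is one way a filter can still catch the delivery trick described above, as an added example that is not part of the original article or any ITD tool. It relies on the fact that a traditionally encrypted zip hides the file contents but not the member names or the "encrypted" flag; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".cpl", ".bat")  # assumed block list
PASSWORD_HINT = re.compile(r"\bpass(word|code)?\b", re.I)

def inspect_message(raw: bytes) -> dict:
    """Flag mail carrying an encrypted zip that holds an executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    finding = {"encrypted_zip": False, "executables": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Bit 0 of the general-purpose flags marks an encrypted member.
                # The member name is readable even though the contents are not.
                if info.flag_bits & 0x1:
                    finding["encrypted_zip"] = True
                if info.filename.lower().endswith(RISKY_EXT):
                    finding["executables"].append(info.filename)
    # A password offered in the body is a supporting signal, not proof.
    finding["password_in_body"] = bool(PASSWORD_HINT.search(text))
    finding["quarantine"] = bool(finding["encrypted_zip"] and finding["executables"])
    return finding

def build_sample() -> bytes:
    """Constructed sample: harmless text in a zip whose encrypted flag is set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bunnies.exe", b"not a real program")
    z = bytearray(buf.getvalue())
    z[6] |= 1                            # flags field of the local file header
    z[z.index(b"PK\x01\x02") + 8] |= 1   # flags field of the central directory entry
    msg = EmailMessage()
    msg["Subject"] = "See the Dancing Bunnies"
    msg["From"], msg["To"] = "sender@example.com", "bubba@example.com"
    msg.set_content("Open the attachment. The password is 12345.")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip",
                       filename="bunnies.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The check never needs the password: it decides on the zip's directory listing alone, which is why the attachment can be held before it ever reaches Bubba's inbox.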

The tactics used by the spreaders of these viruses and worms are called “social engineering.”

The message needs to change constantly to get past the e-mail filters, but it also must be sufficiently clever or deceptive to get past the users’ defenses, pique their curiosity or greed, and then get users to click on the attachment or link. Sometimes it’s not just curiosity or greed. Sometimes it’s a real sense of responsibility that gets him. “Click here now” reads the e-mail; “Retrieve your greeting card,” “important message just for you,” “download the latest updates to protect your computer, your company, your boss, your first born child…”

Bubba clicks, even though subconsciously he knows better.

“Ha Ha! Gotcha!” say the Dancing Bunnies.

Some of these e-mails are not so clever and are easily recognized for what they are. But some are not. They may appear to be legitimate or seem to be from a trusted source. There is an ongoing struggle between those who create these exploits and those who defend against them. The tools to detect malicious e-mail are getting better. The layers of defense are getting deeper.

But the strategies of deception and the costs of being deceived are getting better and higher as well.

Ultimately, the last line of defense is, and will continue to be for the immediate future, at the desktop … in the hands of Bubba…

“Stop. Think. Click.”

If you have questions related to Cyber Security, or want to make comments or express concerns, you can contact the Cyber Security Officer – Forrest Anderson, 334-8158, or e-mail him at: forrest.anderson@itd.idaho.gov or cybersecurity@itd.idaho.gov

Published 10-19-07