Computerworld - The Sober worm is back, and it's using an old trick. Two new incarnations of the Sober computer worm, W32/Sober-N and W32/Sober.p, spread across the Internet over the past few days, infecting home and business PCs around the globe (see story).
Another recent variant, Sober.M, which surfaced back in April, deliberately used incorrect grammar within the subject line, thereby attempting to convince recipients that the e-mail wasn't a virus and make them more likely to open the infected attachment. The reason behind the success of these worms? Two words: social engineering. Our natural human tendency to trust is exploited by virus writers and hackers all the time.
So how can users protect against these types of attacks? Since viruses are usually more prevalent and more damaging to networks than hackers and crackers are, instruct all e-mail users to be extremely careful about the attachments they open, especially those from unknown sources. While this will help with the vast majority of e-mail-borne malicious code, organizations should make sure their antivirus software is kept up to date.
Since humans can be tricked into opening attachments via various social engineering tactics, an obvious solution to this "virus in attachment" dilemma is to stop any rogue attachments before they get to your staff -- predominantly at the e-mail gateway.
As far as hackers are concerned, your best defense against social engineering is to instruct and train all users never to give out sensitive information without going through proper channels. While this seems simple in principle, it can be difficult to enforce; people are the weakest link in your security chain, and they'll occasionally make mistakes.
To make the social engineering tactic easier for employees to understand, be sure to establish definite, clearly written policies that deal with the distribution of confidential or sensitive information within your organization. The policies must also contend with the use of Web mail, a growing trend. Web mail uses HTTP Port 80, so it appears like any other Internet traffic. With this in mind, you need a clear corporate policy on Web mail use that is both well-written and supported by senior management. Such a policy, along with widespread user awareness and routine compliance checking, will help keep things in check.
Employees must know to whom it is appropriate to give information as well as what specific information may be given. That way, in the event employees are asked to reveal such sensitive or confidential information, they'll know how to verify that the person requesting information is who heclaims to be.
Procedures for identity verification must be put into everyday practice, and employees need to be aware that no matter who is requesting information, be it a fellow employee or a higher-up in the organization, the requester's identity must be verified. Furthermore, management must endorse the policy that no negative repercussions will result from challenging a person's identity.
Note that while some Internet service providers may on occasion request a change of password, they usually won't specify what you should change it to via e-mail, nor will they ask you to send them any password information via e-mail. If you suspect that you've received a spoofed e-mail from someone with malicious intent, you should contact your service provider's support personnel immediately.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
