
E-mail: The virus expressway

By Andrew McHenry, Consultant, Cameo Group
Johannesburg, 03 Mar 2000

As e-mail has grown in popularity, so the number and frequency of viruses have increased. Andrew McHenry of Aqua Online warns about the potential threat of e-mail-delivered viruses.

In the early years of computing, when the XT was considered a top-of-the-line desktop PC and 640kB RAM was more memory than you could ever use, the cyber-world was a very big place. There was little communication between computers and it took years for a virus to proliferate any distance at all.

This was because the primary means of spreading viruses was via the humble floppy disk. Many viruses never left the geographical areas in which they were originally written or found. To become truly international, a virus needed to be downloaded from the forerunner of the Internet, the Bulletin Board Service (BBS).

The unsuspecting victim

In the current technology time zone, worldwide networks pass information between computers at lightning speed. In this gridlock of communication, e-mail is the expressway that provides viruses with instant door-to-door delivery. And if e-mail is the carrier, the corporate network is the petri dish that allows technology viruses to multiply at a rate of knots.

The corporate network is the most sensitive to the threat posed by viruses that are able to proliferate quickly. The propagation of e-mail has inadvertently caused an increasing amount of downtime for company networks, as it exposes them to the never-ending stream of worms and viruses.

Some viruses, known as worms, are designed to multiply themselves with the aid of a network. Most of these worms use e-mail to travel from one computer to the next. An infamous example is WM97.Melissa, which can hide inside a Microsoft Word document as a macro. On opening an infected document, WM97.Melissa infects the whole computer and e-mails copies of the infected document to the first 50 people that appear in that computer's address book. This has resulted in many e-mail systems being overburdened by the load of communication, and ultimately going offline.

The primary danger posed by worm-type viruses is that the corporate network is continually exposed to their danger. Following a difficult and time-intensive process to purge the virus from an organisation, it just takes one user to access an infected e-mail or document and the epidemic starts afresh.

These viruses get around

Worms are not the only breed of virus that capitalises on e-mail as its carrier. Other variants, such as W9x.CIH, a highly destructive virus that infects Windows 32-bit executables, also make use of the e-mail superhighway.

Perhaps the most frightening consequence of these viruses using e-mail to multiply is how simple the process has become. In an everyday example, Bob, from accounting, receives a harmless game or a joke program from Ed, a good golf buddy. Bob plays the game, enjoys it, and forwards it to a couple of colleagues in the organisation and to a few friends. Everybody enjoys the game and forwards it to other friends and colleagues.

Unfortunately for Ed, it is very possible that the seemingly harmless executable was in fact infected with CIH. Without even realising it, Ed is now responsible for propagating W9x.CIH to an ever-increasing number of users. If you ask Bob why he executed the attachment, he would look at you with shock and say: "But I know Ed, he would never send me a virus."

This simple example illustrates a common problem that is creating havoc for hundreds of corporate networks across the country. While IT managers often succeed in educating users to delete e-mail and attachments from unknown people, few end-users can resist an appealing-looking executable from family and friends.

E-mail is an open gateway into your organisation. It is an unguarded pathway and mostly used by people who have not yet been educated about the dangers of attachments.

Guarding the gateway

To address the problem of viruses entering the system through e-mail, one needs to look at the actual entry point of the virus into the system. The mail gateway is the system where e-mail, including the associated attachment, enters the organisational network and is directed to the addressed users' electronic pigeonhole or mailbox.

The logical answer is to place a guard at that gateway, to monitor the information that is allowed to enter the organisational network. Ideally this "guard" should scan all attachments for viruses, enforcing the company's security policy regarding the types of attachments allowed into the organisation. In addition, it is advisable for any organisation to put a strict security policy in place which disallows executable attachments. This will not only cut down on the number of viruses able to enter the network, but also on the time and bandwidth wasted on large attachments such as JPEGs, AVIs, etc.
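The attachment-type half of such a gateway policy can be sketched as follows. This is an added example, not code from the article or from any product; the blocked-extension list, the addresses and the sample messages are assumptions constructed for illustration, and virus scanning itself is left to the anti-virus engine.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy list for this example; the organisation would define its own.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}

def build_sample(filename, payload):
    """Build a constructed test message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "ed@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Fun game"
    msg.set_content("Try this!")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def check_message(raw_bytes):
    """Return (filename, reason) for each top-level attachment the policy rejects."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    violations = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so "game.exe." still runs.
        lowered = name.lower().rstrip(". ")
        # Only the last extension counts: "joke.txt.exe" is an .exe.
        ext = "." + lowered.rsplit(".", 1)[1] if "." in lowered else ""
        if ext in BLOCKED_EXTENSIONS:
            violations.append((name, "blocked extension " + ext))
        elif data[:2] == b"MZ":
            # DOS/Windows executables start with "MZ" whatever the file is called.
            violations.append((name, "executable content under another name"))
    return violations

if __name__ == "__main__":
    fake_exe = b"MZ\x90\x00" + b"\x00" * 16   # constructed bytes, not a real program
    for fname, body in [("game.exe", fake_exe), ("photo.jpg", fake_exe),
                        ("notes.txt", b"hello")]:
        print(fname, check_message(build_sample(fname, body)))
```

The content check matters because a policy based on file names alone is bypassed by renaming the attachment.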

In conclusion

E-mail may well be the timesaving device of the technology generation - improving productivity and communication across the organisation. But it also exposes the organisation to possibly unchecked influences.

The answer is twofold. Firstly, it is important to ensure your users are educated. By making all users aware of the threat and impact of viruses, they are more likely to co-operate in the combat against these unwelcome intruders. In addition, it is important to have an effective "guard" (gateway anti-virus software) in place, monitoring the type of information allowed into the organisation and enforcing a strict corporate IT policy.


Editorial contacts

Andrew McHenry
ITWeb News Services
(011) 447 0877