Thursday, November 24, 2005

You Have the Right Not to Click on the Attachment

So you wake up in the morning and there's an email in your inbox. This one looks official, and it's from the FBI. It says, in part, that your Internet address has been implicated in illegal online activity.

Man, I hate when that happens.

The email then asks you to respond to a few questions. Just click on the little attachment there, and all will be well. (After all, Internet addresses are easily spoofed. I mean, I get emails from places like Little Susie's House of Pain all the time, and I've never visited that site.) (Well, OK, once.) (In a while.) (But still...)

Needless to say, this is just a little bit of social engineering to get you to open the attachment. If the FBI or CIA wants to ask you questions, they have more efficient means of doing it than sending you an email attachment. If you do open the attachment, your (Windows) computer will be infected with the Sober Worm, a nasty piece of work that starts by disabling your virus protection package and in some cases rewriting your hosts file (yes, your computer has one). That makes it impossible for you to contact your virus protection provider for information on how to remove the worm. If that happens, you may need these tips on removing the Sober Worm. Be warned. One of the tips says, essentially, "Go to a friend's house. Say, 'I've been a complete idiot and opened an unsolicited attachment on my PC, and now I've got the Sober virus. Can I use your information to download the tools I need to remove it?'" If that doesn't stop you from clicking on attachments, nothing will.

Your friend will probably guess that one of his friends has been infected, because he'll be getting copies of the virus emailed from every infected computer that stored his email address. Including Little Susie's House of Pain. (I've told that woman that she needs a better computer system.)

Oh, did I mention that this virus only infects Windows machines? Not Macs, Linux, or Unix boxes? We've been trying to tell you, kiddies...
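The hosts-file rewrite mentioned above is something you can check for directly. The following Python is an added example, not part of the original post: it parses hosts-file text and flags entries that would cut a machine off from the security vendors it depends on. The vendor domain, the sample file, and the assumption that tampered entries point at loopback-style addresses are all constructed for illustration.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address: skip
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched_suffixes):
    """Return (line_no, hostname, ip, reason) for entries that deserve a second look."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        watched = any(name == s or name.endswith("." + s) for s in watched_suffixes)
        dead_end = ip.is_loopback or ip.is_unspecified
        if watched and dead_end:
            findings.append((line_no, name, str(ip), "watched domain sent to dead-end address"))
        elif watched:
            findings.append((line_no, name, str(ip), "watched domain pinned to fixed address"))
        elif dead_end:
            findings.append((line_no, name, str(ip), "non-local name sent to dead-end address"))
    return findings

# Constructed sample: placeholder domains, not entries taken from a real infection.
SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   www.av-vendor.example
0.0.0.0         ads.tracker.example        # ad blocking, added by the user
192.0.2.10      support.av-vendor.example
10.0.0.5        fileserver
"""
WATCHED = ["av-vendor.example"]   # hypothetical: the security vendors you rely on

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed in normally lives at `%SystemRoot%\System32\drivers\etc\hosts`. The ad-blocking line in the sample is flagged too, which is why the reason string separates watched domains from everything else.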


Anonymous said...

Excellent article. I'm a Debian user myself and unfortunately have rec'd no less than 100 of those emails from Windows users in the past week. It is getting so aggravating that I have been going to the server first and deleting them from there. When will those poor Windows souls learn?