|
Hey, what a coincidence
Jorina Choy / Singapore
 Several weeks
ago I received an e-mail with the subject “Re: Hey” in my mailbox.
Thinking it was another of those usual virus-laden e-mail
or spam, I reached naturally for the Delete button without even opening it.
Why I stopped short was because of the “Re:” in the header. “It’s
a reply? To what?” I wondered to myself. Out of curiosity, and since I
use an iBook and practise safe habits like never opening suspicious attachments,
I decided to read the e-mail.
To my surprise, it came from a university schoolmate from years ago, asking
if I was the same Jorina he used to know. He was replying to a “Hey”
e-mail that carried my e-mail address—the work of a virus, no doubt. At
least something pleasant resulted from what could have been yet another nuisance
e-mail. I asked TruSecure’s security evangelist Wong Loke Yeow how this
could have happened. His answer was that this “could be a combination of
a spambot or worm and coincidence”.
A spambot is a program that, unbeknown to the computer owner, sits in an “infected”
computer and acts as a mail proxy, he explained. And the person sending the
e-mail through the spambot—who could be anywhere in the world—controls
where the e-mail goes to.
Worms can also gather e-mail addresses from the PC they have infected and use
addresses on that PC as the spoofed address.
This means that whoever got infected needs only to have the two addresses—mine
and my friend’s—for this to happen. So a mutual friend’s PC must
have been infected. Or someone could have visited a Web page that contained
both our e-mail addresses.
The chances of this happening is not high—Wong did say it was a coincidence—but
when you learn of such viruses spreading to instant messaging software and mobile
phones, there is definitely cause for alarm. I read recently of the first network
worm that spreads via mobile phones. This uses the Bluetooth wireless feature
of smartphones with the Symbian OS. The worm arrives in the phone’s in-box
as a file named “caribe.sis”, and when accepted by the recipient,
it activates and starts looking for new devices to infect over Bluetooth.
Security vendors say that Cabir is more a demonstration than an attack and poses
little threat, the only damage being a shorter battery life as it scans for
other Bluetooth devices.
But Cabir is indicative of the potential damage mobile worms can have. It won’t
be long before truly destructive viruses start appearing.
With mobile devices increasingly being used to dial in to corporate networks,
imagine the damage caused by mobile viruses if they can be transmitted from
device to network.
Enterprises would have to prepare their security infrastructure for the onslaught
of instant messaging and mobile worms. In fact, they should start doing so now.
I’m more concerned for the SME. When is security considered adequate? How
much investment is enough?
I’ve asked vendors what an SME should do since it can’t possibly invest
in all the security technologies being sold to them.
The answers have not been forthcoming, neither am I confident that they will
arrive before I get hooked up unwittingly with another long-lost friend.
This article first appeared in Asia Computer Weekly
|
