Virus Bulletin 2000
This was my second Virus Bulletin paper, for Virus Bulletin 2000: “The E-Mail of the Species: Worms, Chain-Letters, Spam and other Abuses”. This was a reserve paper and not included in the conference proceedings, so it hasn’t been available for a few years. Again, the contact data is out of date, but some of the content is certainly still relevant.
Copyright is held by Virus Bulletin Ltd, but the paper is made available on this site for personal use free of charge by permission of Virus Bulletin.
Hoaxes, urban legends, spoofs, chain letters: they were there before there was an Internet and quickly adapted to new communications media. By 1997, hoaxes were a serious drain on vendor and corporate service desks, and several papers at VB97 addressed the issue. However, hoaxes continue to proliferate and computer users continue to react inappropriately.
While awareness of some of the cruder hoaxes has increased in the sense that more people can recognise them, the proportion of seasoned veterans to clueless newbies has probably actually declined as the Internet has become EveryUser’s playground. Furthermore, the load on support staff arising from related nuisances hasn’t necessarily decreased. The focus has changed, but policies, strategies and information resources haven’t kept pace with the convergence of different email phenomena: viral marketing, spammed hoaxes, spammed viruses, viruses which piggyback hoaxes. Increasingly, malware writers, spammers and hoaxers use similar social engineering techniques to trick the recipient into accessing a tainted resource (document, program, web-site).
This presentation undertakes an overdue review of identification heuristics, policies and strategies, going beyond dictionary and simple heuristic detection of hoax virus alerts and placing them into the context of other channels of malice and misinformation and appropriate management techniques, including:
- Multiple ingress and egress wrapper and content filtering using gateway scanning tools to increase transparency
- Integration of measures against mail abuse into enterprise security education and policy implementation.