Do the Recent Viruses Have Specific Targets?

Two distinct types of e-mail-borne viruses, known by their subject lines as "Here You Have" (or "Just for You") and "David Leadbetter's One Point Lesson," have been jamming e-mail boxes for the last day or so and are trying to trick victims into clicking on attachments to infect computers. But unlike the infamous e-mail attacks of a decade ago, such as Melissa, which widely blanketed the Internet, questions are being raised as to whether these latest attacks are far more targeted.


News reports are popping up about ABC/Disney, Comcast, Google, Coca-Cola and NASA being hit by what's being called the "Here You Have" virus, while the second, totally different "David Leadbetter" e-mail-borne virus is also in circulation. According to Don Gray, chief security strategist at Omaha-based security managed services firm Solutionary, most of the anti-virus security firms now have protections in place against what were zero-day threats. But he also notes that this latest e-mail-borne virus wave could be far more targeted than virus events of several years ago.

"I don't know if it's targeted, but it's not a blanket mass where everyone is getting sent this to them," says Gray. "Seems like they're trying to go after high-value targets."

For instance, out of Solutionary's hundreds of customers, only a handful seem to have been hit by either of the latest e-mail-borne virus attacks. Some of them have been utility companies, he notes, raising the question of whether someone is targeting news media for the exposure but also going after preferred targets, perhaps even critical infrastructure targets.

Even as investigators pull together what they know about the latest wave, Gray says the Web sites and -- which appear to have been linked to malicious downloads associated with the "Just For You" wave – have been shut down.

But "Just for You" and the "David Leadbetter One Point Lesson" virus (technically both are viruses, not worms, since they don't aggressively go out looking for new victims) are distinctly different, and hence protective measures against them would be different. "Just for You" is a .scr pseudo-PDF or in some cases a video. Once the victim clicks on the attachment, the malware will go looking for security software on the victim's desktop and try to install a drop file, which gives the attacker a way to do more damage in the future.

The "David Leadbetter" virus is a real PDF-based attack, and a very sophisticated one, says Gray. It utilizes a stolen VeriSign certificate issued to and bypasses Windows security protections on Windows Vista and Windows 7, according to Solutionary.

While updated signature-based defense is available (Sourcefire issued its own last night), some Solutionary clients are blocking .scr and other attachments at the gateway due to the virus wave, and some have decided, for the moment, either to stop using desktop Adobe software or to disable JavaScript. Other approaches can include endpoint hardening, but Gray notes it's clear that a renewed effort should be made related to "security awareness" among corporate employees.

E-mail-borne viruses were commonplace a decade ago, but this week represents a new wave not seen for a long time. Younger employees may be used to clicking on apps and it may be they're not as aware of the risks associated with e-mail attachments and executables, says Gray. It's all "basic," he notes, but has to be reinforced with a new generation of employees.


This story, "Do the Recent Viruses Have Specific Targets?" was originally published by Network World.
