E-mail viruses are hitting enterprises more often. The
reason does not lie in new virus technology but in the complacency of
people who continue to open infected e-mail messages.
See news story:
Virus poses as nude Jennifer Lopez photos
The Jennifer Lopez virus marks at least the third major outbreak in the month of May alone. On May 17, the Mawanella worm, which propagates itself through e-mail, caused system delays for businesses across the globe. It came just after the Homepage worm, which was released May 8. Like Melissa, I Love You and similar worms, these viruses activate when the user opens an e-mail message infected via a .vbs attachment.
Jennifer Lopez, Mawanella and Homepage tell the same old story. They proliferate using the Outlook address book. From a technology standpoint, these viruses offered nothing new--and that caused a new problem.
With the increased frequency of e-mail virus attacks comes a relaxed attitude on the part of people. If the virus does not affect the desktop, some people will tend to think of the "mail storm"--with its slowdowns and shutdowns of messaging servers--mainly as a problem for the IS organization. Yet even the most virus-aware person finds it hard to maintain diligence in not opening suspicious e-mail or e-mail attachments.
Most people get more e-mail than they can manage. Virus-proliferated e-mail messages feed already overloaded inboxes, and people become careless. As a result, complacency spreads viruses faster than technology can catch them.
IS organizations should educate continually on how to protect against e-mail viruses--not just during virus crises. Such education must supplement a strong security policy and infrastructure.
Given that the common denominator among recent worm viruses is that they spread through .vbs files, IS organizations--at a minimum--should strip .vbs files from all messages at the enterprise boundary, at the SMTP gateway and at the messaging server. Very few workers get legitimate messages with .vbs files--especially from outside the company--and companies can no longer afford the risk that some of those files might not be safe.
(For related commentary on e-mail viruses, see TechRepublic.com--free registration required.)
Entire contents, Copyright ? 2001 Gartner, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.