BlackWorm aka BlueWorm aka Nyxem aka Grew aka Kapser aka Blackmal aka Tearec aka MyWife is making some noise this week. It’s just another in a long line of relatively uninteresting VB worms – why are so many people clicking on it? How do we know how many people are actually clicking? BlackWorm logs each infection to a webstats counter. Last time I checked it was over 453,000 users infected. A variant from 2004 made it to 920,000 infections, so clearly plenty of people are still willing to click on whatever attachment they are sent.
The one thing that can stop these worms is user education. That’s certainly a point of contention with many people, who claim that users at a certain level simply can’t be educated. That is probably because we’ve taken the wrong approach to user education. Providing information is not education. Education is sticking your bare hand on a hot stove. The problem with viruses is that plenty of users are sticking their hands on a hot stove but don’t realize it’s hot – so the education doesn’t occur.
We’ve all heard the anecdotal story about the BOFH network admin who periodically sends his users executable attachments, warns them not to click on them, and then some form of public humiliation/punishment ensues when a user clicks anyway. We need to be doing way more of that. For example, instead of blocking executable attachments at the gateway, strip and replace the attachment with one of your own making. Something suitably humiliating. Is anyone already doing something like this that they’d like to share?
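The strip-and-replace step suggested above, as an added example that is not part of the original post: a filter that swaps each executable attachment for a plain-text notice and returns the replaced filenames so the gateway can log them. The extension list, the notice wording, the function names and the sample message are all assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list; a real gateway policy would carry its own.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

# Hypothetical wording for the replacement attachment.
NOTICE = (
    "The attachment '{name}' was removed by the mail gateway.\n"
    "It was an executable file. Had you opened the original, it would\n"
    "have run with your account's privileges.\n"
)

def is_executable_name(filename):
    """True when the final extension is blocked; trailing dots and spaces
    are dropped first because Windows ignores them."""
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1] in BLOCKED_EXT

def replace_executables(raw):
    """Return (rewritten message bytes, list of replaced filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    replaced = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name or not is_executable_name(name):
            continue
        # set_content() discards the old payload and Content-* headers.
        part.set_content(NOTICE.format(name=name), filename=name + ".txt")
        replaced.append(name)
    return msg.as_bytes(), replaced

def sample_message():
    """Constructed test mail: one disguised executable, one harmless file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ constructed stand-in, not a real binary",
                       maintype="application", subtype="octet-stream",
                       filename="photos.jpg.scr")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    out, replaced = replace_executables(sample_message())
    print(replaced)
```

Matching on the final extension catches double-extension names such as `photos.jpg.scr`; it does not inspect file contents, so a renamed or archived executable passes through unchanged.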