Sunday, February 18, 2001

'Anna' virus serves up e-mail headache

Software, user awareness can help keep files secure

By John J. Byczkowski and John Eckberg
The Cincinnati Enquirer

E-mail users thought they were opening a photo of tennis player Anna Kournikova and got a virus instead.
(AP photo)
| ZOOM |
        John Strucke knew better, and he did it anyway. Last week, the Burlington, Ky., businessman got an e-mail from an old friend, with the subject line “Look at this.” The message said “Hi. Check this!,” and pointed to what appeared to be a file containing a picture of Anna Kournikova, the Russian tennis player.

        “I thought, "Why is she sending me this?' and so in a knee-jerk reaction, I opened it,” he said. “Nothing happened, so I made a mental note to call her later.”

        Within five minutes, his computer was bombarded with e-mails from computer system administrators throughout the United States. The messages claimed e-mail he had just sent contained a virus.

        E-mail? What e-mail?, he wondered.


How viruses work
        What he thought was a picture turned out to be a bit of malicious code, a script that copied addresses out of his e-mail address book and remailed itself to everyone on the list.

        That's basically what the “Love Bug” virus did last summer, when hundreds of businesses, government offices and universities saw their e-mail systems crash. Many users got the message, that the battle against computer viruses demands constant vigilance.

        And that's why the Anna virus last week didn't cause the same, widespread trouble that the Love Bug did. Those nailed by Anna either didn't get the message, or they let their guard down.

        “What gets me is this didn't come from some prankster,” Mr. Strucke said. “If it had, I would never have opened it. This came from a sweet little old woman in Atlanta. So far, I guess it's cost me two days of work.”

        In the old days — 1988 or so — keeping your guard up meant buying and using antivirus software, and being careful about where you got floppy disks. Today, it means buying and using antivirus software and not opening every e-mail attachment that comes through the wire.

        Antivirus experts say the situation is getting better and worse at the same time. Chad Mattix, president of Pinnacle Computer Corp., a Cincinnati company that screens e-mail for corporate clients, said security is getting better.

        The first alert on the Anna virus went out late Monday, he said, so Pinnacle began to screen out mail coming through with “Here you have” in the subject line. Antivirus software companies issued the cure Tuesday, and the mail was cleaned up.

        The time between alert and cure is getting shorter, Mr. Mattix said. “We were successful in blocking that from going into our clients' systems,” he said.

        On the other hand, e-mail — the biggest carrier of viruses today — is booming. The first time Pinnacle handled a half million pieces of e- mail in a month was September. It crossed the 1 million level in January and is already over 1 million for the first two weeks of February.

        It's not just that Pinnacle is signing more and bigger clients. Businesses are sending more e-mail, using it not just for correspondence but mailing invoices and contracts as well, Mr. Mattix said.

        With e-mail blossoming, even a small virus problem can spread to a large number of computers. The Anna virus last week “was another reminder that people still don't pay attention,” said Joe Wells of Pahrump, Nev., keeper of the Wild List, which tracks active viruses.

        One problem with keeping users' attention is that antivirus software companies overstate the virus problem, he said. Companies boast their programs protect users from 50,000 viruses, but most exist only in labs, and about 20,000 are DOS viruses that don't work in the Windows operating environment, he said.

        The Wild List counts only viruses “in the wild,” that have been reported in at least two sites. The number of viruses in the wild in December: 232.

        Because antivirus companies use numbers that are larger than the threat, users believe the industry is crying “wolf!” Every now and then, however, there really is a wolf.

        “After all of these viruses — I love you, Melissa — the only reason they spread is because people aren't us ing antivirus software,” said Ben Gottesman, executive editor of PC Magazine. “So many people are still not protecting their PCs, their servers.”

        Antivirus software costs about $40 for a home PC, and it typically comes with one year of free updates to keep the software current with the virus threat.

        A contributing problem comes from e-mail software, particularly Microsoft's Outlook and Outlook Express, the most popular programs. Critics charge that those programs are vulnerable because Microsoft's effort to tie them to the Windows operating system has left open some big security holes.

        Users can close those holes, if they know how, but it's not easy. Software patches for Outlook that close those holes became available for download from Microsoft's Web site in November, but not every user has done that.

        In software, “usability and security are opposites,” Mr. Wells said. “The more security you have, the less user-friendly it is.”

        Microsoft responds that Outlook's popularity alone makes it the target for virus writers.

        “It isn't just an Outlook issue,” David Jaffe, a Microsoft product manager, said. “Since we have so many Outlook users, it just happens to bubble up.”

        The security patches add pop-up warnings when another program tries to access the e-mail address book, and adds settings to delete threatening e-mail attachments. Most of the fixes, however, are changes to security settings that users can do without the patch.

        “A big part of why you're still seeing this is they're trying to give you rich e-mail ... with all the features of a Web page, but all the weaknesses of Web pages,” Mr. Gottesman said. One of those weaknesses is the ability to run scripts, which made the Love Bug and Anna dangerous.

        The next version of Outlook, due out later this year, will have many features that make it less vulnerable to attack from viruses, Microsoft's Mr. Jaffe said.

        If Outlook becomes a less-likely target, virus writers will probably move on. In August, the first virus targeting wireless Palm Pilot devices was discovered, and Web-enabled cell phones are also threatened.

        Computer users aren't the only victims here.

        “It's awful,” said David Schwab of Octagon, the Washington, D.C., sports management and marketing firm that represents Ms. Kournikova, the tennis player. What does she think of the the perpetrators of the virus?

        “Her response? We want them caught,” he said.

        A 20-year-old Dutch citizen — and fan of Ms. Kournikova — turned himself into police Wednesday as the creator of the virus.


- 'Anna' virus serves up e-mail headache
Napster opened Internet's potential
Demand increasing supply of lobbyists
Companies team to provide heating oil
Tristate business notes
What's the Buzz?
Industry notes: Commercial real estate
Americans lead in startup investments
Self-employed found niches in '80s, '90s