The recent spate of viruses and worms to hit the net — notably Sobig, Blaster and Mimail — has once again proven that people need to keep their antivirus programs current, their computers patched, and a skeptical and wary eye on any unexpected (or even expected) e-mail they receive. It has also shown that the major anti-virus companies are stuck in 1999.
Over the last few weeks, I’ve been deluged with virus e-mails, both at home and at work, and I’ve diligently added them to my spam filter. I received an equal, if not greater, amount of e-mail from anti-virus software informing me that an e-mail that I sent was infected with a virus, even though I’m on a Mac, which isn’t susceptible to these particular viruses. I didn’t send these viruses. I couldn’t send these viruses. And yet, every day I receive another nastygram informing me of the evil which I have unleashed upon cyberspace.
So why do these programs think I sent infected e-mails? Simple. When they infect a machine, these viruses (well, some of them — Sobig and Mimail do this … Blaster was spread via networks) send out e-mails to every e-mail address they can find in their victim’s address books, Web browser caches, and a couple of other places. When they send these e-mails, they forge the “From” field, so the person the e-mail appears to come from is not the person who actually sent it.
Dastardly trick, eh?
A big problem with this, aside from people thinking that your machine (or your company’s machines) is infected, is that almost every major anti-virus program has an e-mail scanner designed to find and kill viruses in e-mail … and to then notify the sender that a virus was found.
And now the problem becomes apparent. The current “from”-field spoofing viruses are sending these anti-virus programs into an insane frenzy of notifications, sending out millions of announcements informing people that they’re infected with viruses that they don’t have.
These announcements do nothing to solve the problem — indeed, they compound it by getting people mad at individuals who aren’t infected while simultaneously adding even more flotsam to our already jetsam-filled electronic pathways.
Don’t get me wrong. These kinds of warnings had their place … in 1999, when you could still count on the “from” field being legit. But nowadays, they’re doing more to confuse the problem than solve it. It’s time for anti-virus companies to finally step up and do their part to relieve unwanted network traffic by ditching these antiquated warnings.