A Revolution is the Solution
brave post. and yeah, im fed up of looking at whatever the latest storm tactic happens to be. ive seen too many pieces on this myself where nobody is actually pointing out not to click bad links.
as you say, its obvious. but possibly a little *too* obvious for the people this is hitting daily.
in conclusion, more telling joe schoe what not to do, and less trying to dazzle me with the latest change to some text in an email.
Meh, wouldn't really call it a "brave post". Just something thats been bugging me.
hehe...
...lol.
That's a good point. It's especially true if you read several security blogs... and they're pretty much saying the same thing.
But you know there's the same problem with rogue programs... New rogue here, new rogue there... same user interface, different name...
To come back to the Storm Worm, these people are getting a lot of pubilicity... You have to admit they are also getting clever with the fake youtube links... I'm sure lots of people fell for that one...
Anyhow, maybe I'll make a Storm Worm photo album with collage and stuff and send it to you for Xmas!! lol
I think the difference with rogue applications is that the name itself inherently warns people away - they see "rogue", they see the screenshots of pages asking for bank details and desktops hijacked with "youre going to jail, pay us now!" and they KNOW its bad.
with stormworm stories, people just dont seem too sure what it actually is, or does, or what it looks like. they dont understand "botnets" or what net looks like, but they DO understand when someone says not to click on something.
all ive seen recently is people getting wayyyy too excited over telling us about endless changes to the text in the emails and not enough common sense advice to go with it.
because of the vagueness of advice as to how yuo actually get infected in the first place, i think people are clicking next....next.....next just to see what the fuss is all about, without realising they can join the storm botnet with only a click or two.
sorry for the long ramble, good post.
I remember during the ILoveYou VBS virus. A user on our network said, "Rich, what's wrong with this file I've just received. I click on it and it does nothing."
I replied (with a touch of horror), "How many times have you clicked on it?"
The answer "5".
Ahhhhhhhhhhhh.
We wrote our own innoculator within an hour. IT wouldn't apply it though, not until McAfee provided their fix. That was several hours later and did exactly the same thing as our patch. Sheesh.
"How many times have you clicked on it?"
The answer "5".
Ahhhhhhhhhhhh."
Whoops. On the bright side, there's something skull poundingly funny about the above quote :D
Its like activeX content how many times do you have to tell people not to click on activeX that you have not checked out,
It drives me crazy when people start telling me that their system crashed after they clicked an activeX box :-(
Actually PG, it got even better.
A good few weeks later, most client PC's on site hadn't been cleaned of the "infected" JPEG files. Our IT boss then accidentally clicked on an infected (well, replaced with a VBS script) file and kicked off the whole thing again! Even more unfortunately, this was on the managing director's laptop. I nearly soiled myself laughing.
I think the main problem is that the average Internet user is just presented with a vast amount of information and often feels overwhelmed. Thence they are just going along thinking "ah, I am sure this wont happen to me" and then come to "us" / the forums for help. Only then, when they realise how serious it is, some (not the hard core crack downloading twits), will get aware of safehex and what to do to minimise the trouble.
Now in regards to the storm worm, I totally agree with LoPhat and the vast attention paid to the storm worm does come with a negative vibe. I am always pleased to read SB and FS (oops sorry, sunbelt and fsecure) blog, as they are not just promoting their tools, but are actually writing good posts with comon sense.
Sorry for the long ramble, guess we Germans cant live on short sentences :/.
Johannes
Hi Yourhighness
i disagree the average Internet user is daft stupid dense dumb and thick..
They see a report that says dont click this and what happens the first time they see it ? thats right they click the thing.
If car drivers where like net users half the drivers in the world would be dead on a yearly basis..
Hey milligansghost, I think you misunderstood me. I evidentally meant the same, just had the "innocent" thought that after being cleaned in the HijackThis forums, they are getting a bit wiser. I guess not lol 
- I totally agree with you on the clicking thing 
Commenting by HaloScan
