Yes, ignorance was the helping factor for ILU. And as much as I blame naive users for clicking blindly, and also Microsoft for allowing vb scripts to run unseen and unwarned, there is another group that I'm astounded by for their blatent lack of help: the so-called IT professionals or sys-admins who run their business' (or orginization)'s e-mail servers.

In our orginization (unnamed), we had about 15 IT professionals and "admins" running around in panic, trying to tell everyone not to open this e-mail... or in fact, not to check their e-mail for awhile, because our mail server was being flooded to the point of death.

Funny enough, in our division, we had placed a simple filter rule in our mail server to block any e-mail with the ILU title(s) and any e-mail with a VBS attachement. The would-be recipient was then notified that their e-mail was filtered and should contact the named sender to see if the e-mail might have been a valid (non ILU) e-mail. Within an hour, our traffic had fallen back down to near-normal levels. Why? The vbs file was not being broadcast out every 30 seconds from our mail server, which gave us some breathing room to go remove the script from people's machines.

My point is this. The other IT "pros" and admins, had no clue that such a filter was even possible.... not to mention they had never stopped to consider that they could actually HELP the scenario. If more admins would have at least tried to add some kind of filter, the exponential growth of traffic on the internet would have at lest been lessened.

These "clickme" scripts (I won't call it a virus, it's not) will just keep coming, and I expect that there will always be unsuspecting users who fall prey to the trick. But come on professionals!! Where are your witts? Let's get beyond that 2 day conference from a year ago where you learned how to boot your MS Exchange server! Become a real admin and become VALUABLE to your company!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/32/1836#1836