National Infrastructure Protection Center

 

Trust But Verify:
A Guide to Using E-mail Correspondence

December 2001

 

The White House recently announced that the Friendship Through Education organization (www.friendshipthrougheducation.org) established an e-mail pen pal program with school children in the United States, Bahrain, Pakistan, and Egypt. The goal is to promote peace and understanding between the citizens of the United States and Islamic nations. In support of this initiative the National Infrastructure Protection Center (NIPC) is providing some recommended security practices so that U.S. school children may participate safely, protecting the computer systems they use at home, school, or library. The program has excellent potential to build a peace bridge between cultures. Our recommendations are designed to assist teachers and parents to guide the participating students to practice good computer security habits, not only for this program, but always.

"Trust but verify" is a slogan that is appropriate for securing computers from malicious code passed as an e-mail attachment. It is very difficult to know exactly who is on the other end of an e-mail or chat session, as passwords do get lost and stolen. Most computer users know that they should beware of opening e-mail from strangers. But countless viruses have continued to spread and re-spread, because they were sent via e-mail from someone who appeared to be trusted. Individual computer users can drastically reduce the spread of viruses and other malicious computer code with a few simple steps including verifying the authenticity of an attachment before opening it.

Developers of computer viruses have been successful using social engineering to victimize the typical computer user. We have witnessed many viruses spread by e-mail attachments, masked by subject lines that are designed to be enticing to the recipient.

The computer virus developer's goal is to manipulate authorized trusted users to unwittingly circumvent computer defenses and allow a malicious code infection. Even users who exercise disciplined adherence to security policies have been lured to open attachments titled "Anna Kournikova," "I Love You," and recently "Peace between America and Islam" which exploited human emotion about the violent acts of September 11, 2001.

We may have difficulty understanding the motivations of virus developers, but we must recognize that it is consistent with their methodology to exploit curiosity. We should expect to see viruses designed to proliferate by association with popular themes or ideas. As headlines develop regarding news events or issues popular with the audience, expect to see those used as e-mail subject lines to mask a malicious attachment.

NIPC and computer industry partners publish advisories to educate computer users about best security practices. Many of these publications recommend consideration of the following steps to reduce the chance of computer virus infections:

  1. Close the preview pane of your e-mail program. The preview pane is the feature that shows you the contents of an e-mail before you choose to open it. It is often displayed below the pane that displays a list of e-mails, their titles and time of receipt or transmission.

  2. Disable the Java script and Active-X features of your web browser. Java and Active-X were designed to run more advanced features and to use services or make changes on the computer you are using. Unless these features are explicitly required, it is safer to deactivate them to prevent malicious scripts from infecting or compromising the computer or the network.

  3. Equip your computer with an anti-virus program, maintain the most current version, and select the user options that give you the most protection. There are several different types, not just different brands. Some anti-virus programs search for specific file "signatures," others monitor a computer program's activity and prohibit virus-like behavior. There are also cost-free scans from vendors via the Internet that can scan your hard drive and removable disks. Ensure that your anti-virus program will screen attached files.

  4. Save attachments to a disk before opening. Do not open the attachment directly from the e-mail program. Save it to a disk, preferably a removable disk, and then scan the disk with an anti-virus program.

  5. Do not open e-mail attachments from strangers, regardless of how enticing the subject line may be. In addition to e-mails containing damaging computer viruses, there has been malicious spam. The spam plays off human curiosity. It may be an e-mail message or a redirection to another web page. The action is often to solicit donations to organizations claiming to be charities, or barraging computers with pop-up advertising.

  6. Be suspicious of any unexpected e-mail attachments from someone you do know. It may have been sent without that person's knowledge from an infected machine. The Sircam virus continues to spread by automatically e-mailing itself between users who expect to communicate. Also, someone might have stolen a trusted person's password and is pretending to be that trusted person.

  7. Verify suspicious e-mail. In the event you receive e-mail from someone you know, that has a suspicious title or attachment, contact the sender or the program coordinator by telephone or send them a new e-mail asking them to verify that they did intend to send you that e-mail.
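
For a teacher or administrator who handles mail for a class, the "save to disk before opening, then scan" step can be scripted. The following is an added example, not part of the NIPC guide: it saves every attachment from a raw message into a quarantine folder without opening it and flags names that would run as code. The extension list, the double-extension flag, the `.quarantined` suffix, and the sample message are assumptions made for illustration.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from pathlib import Path

# Assumed set of extensions that Windows treats as runnable; adjust locally.
RISKY_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".exe",
             ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk"}

def triage_attachments(raw_message: bytes, quarantine_dir: Path) -> list:
    """Save each attachment to quarantine_dir without opening it; return findings."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    report = []
    for index, part in enumerate(msg.iter_attachments()):
        declared = part.get_filename() or "unnamed"
        # Keep only the last path component and replace unusual characters,
        # so a sender-chosen name cannot place the file outside quarantine.
        base = declared.replace("\\", "/").rsplit("/", 1)[-1]
        safe = re.sub(r"[^A-Za-z0-9._-]", "_", base) or "unnamed"
        payload = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in Path(safe).suffixes]
        flags = []
        if suffixes and suffixes[-1] in RISKY_EXT:
            flags.append("runs-as-code")
            if len(suffixes) > 1:  # e.g. a picture name followed by .vbs
                flags.append("double-extension")
        # A neutral suffix keeps a double click from launching the file.
        stored = quarantine_dir / f"{index:02d}-{safe}.quarantined"
        stored.write_bytes(payload)
        report.append({"declared_name": declared, "stored_as": str(stored),
                       "sha256": hashlib.sha256(payload).hexdigest(),
                       "flags": flags})
    return report

def build_sample() -> bytes:
    """Constructed two-attachment message; payloads are inert placeholder text."""
    m = EmailMessage()
    m["From"], m["To"] = "penpal@example.org", "student@example.org"
    m["Subject"] = "Photos from our class"
    m.set_content("See attached.")
    for name in ("notes.txt", "class-photo.jpg.vbs"):
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Point the anti-virus scanner at the quarantine folder afterwards; any flagged attachment is a candidate for the telephone verification described in the last step.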