
Queen's University


Social Engineering Masks E-card Virus Threat


from "The Gazette," 13 April 2009


Oh, what a difference a day makes.


The e-card virus first hit Queen's on February 25th. Hundreds of computers were infected over a very short period of time, crippling business as usual across campus and at the IT Support Centre (ITSC). "For the first time in our history, we had to turn people away," says Brian McDonald, Coordinator of the ITSC. "The volume was enormous, and removal was complicated because the virus could manifest itself in multiple ways."


The mechanism for distributing the e-card virus was not new - sending a virus as an executable file in an email attachment, which then propagates by sending itself to all the contacts in the user's address book, has been around for years. What is new is the social engineering used in packaging such viruses so as not to arouse suspicion. Who wouldn't be happy to receive - and open - an e-card from a friend or colleague? Also, newer, more sophisticated viruses are better at hiding themselves on the user's system, making them harder to detect, and they can also give the appearance of having been removed when in fact they are still there.


The good news and the bad news about this virus are the same - some simple safety precautions and awareness on the part of computer users would have prevented the vast majority of problems it caused. First and foremost, you should never click on email attachments with a .exe or .zip extension. The fact that these attachments appear to have come from someone you know is exactly what these viruses seek to exploit. If you aren't sure the attachment is legitimate, email the person you think sent it to confirm.


Every computer user should install, update and regularly run Symantec AntiVirus, which is available free of charge to every member of the Queen's community. Installing the latest updates and security fixes on your operating system is also critically important for everyone, not just those using Windows.


The e-card virus was particularly difficult to treat for a number of reasons. No fix was publicly known or available, so the analysts at the ITSC had to devise a workaround based on limited information. Unfortunately, the workaround was a time-consuming process (about 4 hours per machine) that could not be effected by the end user and required the intervention of a specialist. Furthermore, even after the investment of several hours of time, there was no guarantee that the virus could successfully be removed.


The impact of the e-card virus on the ITSC was significant. During the week of February 25th to March 4th, they answered 637 phone calls and logged 964 Footprints issues, both significant increases over the norm. Ultimately, over 400 issues requiring intervention by the ITSC were attributed to the e-card virus, with each intervention requiring multiple contacts with the user, diverting resources from other problems and other services offered by the ITSC. Furthermore, these numbers don't reflect the complete picture across campus. The ITSC worked closely with many departments, and their workaround was shared with a number of ITAdmin Reps who repaired systems within departments, thereby avoiding the queue at the ITSC.


ITServices offers free workshops on Safe Computing to all Queen's faculty, staff and students. The next session will be held on Wednesday 22 April. You can register for this workshop online. To learn more about computing safety and the Electronic Information Security Guidelines, please visit the security section of the ITServices website. You do have the power to protect yourself.


