Mail servers across the country on Tuesday were going, going, Goner, at least for a little while.
The City of Calgary, Industry Canada and the University Health Network all fell victim to the latest worm named Goner.
According to Bob Shaw, chief information officer of the City of Calgary, network traffic surged around 10:30 a.m. Tuesday morning. In response, he says all Internet access was shut down until the problem was identified. E-mail and calendaring were still offline as of Wednesday morning.
“We’re just going through a simple logical, bring it back up process,” Shaw says. “Make sure there’s nothing kind of lagging out there. We’re taking the ultimate precaution.”
Shaw says the city uses Microsoft Corp.’s Outlook e-mail application and Symantec Corp.‘s Norton Anti-Virus program exclusively and this is the first worm that has caused any problems.
“We’re fending them off (worms and viruses) all the time,” Shaw says. “It’s a continuous barrage, but this is the first time we’ve got to the point our internal systems weren’t handling it to our liking.”
John Stalker, manager IT security for Industry Canada, says a spike in e-mail traffic was spotted Tuesday afternoon. He says e-mail was shut down until the cause was isolated and had 99 per cent of users back up soon after. Like Calgary, Industry Canada is an Outlook and Norton user.
The University Health Network also confirmed it had Goner-related problems, but could not provide further details at press time.
Like other worms, Goner spread itself though the user’s address book and used the subject line “Hi”. The body contained the message, “How are you? When I saw this screensaver, I immediately thought about you. I am in a harry (sic), I promise you will love it!” and attached the file Gone.scr. Users had to double click on the file to set it in motion. Simply viewing the e-mail in the preview window would not activate it.
“What’s astounding, quite frankly, about this one is that if anyone had the habit to look for the same subject line and the same repeating body and then just trashed it, they would have been perfectly OK,” says Gus Malezis, general manager of Network Associates Canada, makers of the McAfee anti-virus program.
“An incredibly overwhelming majority that saw this thing opened it.”
Malezis says while the worm isn’t very destructive, it is dangerous.
“What’s interesting about this one is it tries to disable the counter measure elements you can put in place,” Malezis says. “It would do that for our product, it would do that for Symantec’s and a number of other products, and it would also try and delete firewalls.”
For the most part, however, it was unsuccessful. Malezis says it only achieved its goal on systems running Windows 95.
While Goner was not entirely successful, IT managers are left to wonder what they can do to protect their networks. Malezis says anti-virus companies need to a better job and refuses to place the onus on users.
“People have a primary function and it is not to think about viruses,” Malezis says. “We really can’t rely on the users to be security guards.”