back to article First impressions count when the world is taken by surprise by an exciting new (macro) virus

Welcome to Who, Me?, The Register's weekly reminder, thanks to the recollections of our readers, of a time when it was only viruses of the computer variety that were all the rage. Today's tale of oops comes from a reader we'll call "Sam" in order to protect the identity of the woefully foolish. Not that Sam was at fault here. …

  1. amanfromMars 1 Silver badge

    Something which cannot be denied nor avoided and effectively ignored for any short length of time? *

    Ever been the canary in the virus coalmine, only to find your warnings ignored? Or unwittingly unleashed macro horror upon the world? It is time to make your confession to the sympathetic vultures of Who, Me?

    Well .... I would just have to say there is voluminous evidence which more than suggests certainly yes and yes again and often. It is though apparently quite normal in spaces and places entertaining humans and par for the course in novel virulent environments.

    * 'Tis the vital incorrigible nature of the beasts unleashed/daemons servered.

  2. jake Silver badge

    Warnings ignored?

    This is IT. Our warnings are always ignored. About everything.

    1. Evil Auditor
      Thumb Up

      Re: Warnings ignored?

      I believe in this story it was the IT who ignored the warning.

      To summarise (with and without recent events in mind), we all ignore warnings. And we know how to deal with them: Four Stages Strategy

      1. jake Silver badge

        Re: Warnings ignored?

        Yes, in the story it was IT who ignored the warning. However, ElReg posed the question to us commentards, many of whom are in IT (or so rumo(u)r has it).

        1. Evil Auditor

          Re: Warnings ignored?

          many of whom are in IT

          Darn, I always wondered why El Reg has all this IT stuff once I leave Bootnotes...

          1. Aladdin Sane Silver badge

            Re: Warnings ignored?

            Why would you leave bootnotes?

            1. DJV Silver badge

              Re: Why would you leave bootnotes?

              Simple, one note has a big L and the other a big R.

              1. This post has been deleted by its author

                1. Aussie Doc Bronze badge

                  Re: Why would you leave bootnotes?

                  He didn't have a leg to stand on.

                  Oh, wait.

        2. BebopWeBop

          Re: Warnings ignored?

          Yes, one of my partner's University colleagues who is particularly accident-prone around IT gave rise to the saying "Ruma (her name) has it and the rest of us don't'

          1. John Doe 12

            Re: Warnings ignored?

            I hope poor Ruma never takes a holiday to Finland :-D

      2. amanfromMars 1 Silver badge

        Warnings ignored? Be warned of both possible and probable consequences/results.

        To summarise (with and without recent events in mind), we all ignore warnings. And we know how to deal with them: Four Stages Strategy ..... Evil Auditor

        Elsewhere though, there are surely myriad alternative arrangements also easily employed whenever the problems/vulnerabilities/opportunities one sees and advises and/or warns everyone about, if such things are not heeded at home for all manner of necessary administrative system executions and engagements, which automatically migrate them from what would be a barren brown field site to any greener foreign land.

        There to rest and be considered for future overwhelming advantageous use which could easily be construed by an enemy opponent or bested competitor as flagrant wanton abuse, which it might very well be.

    2. 2+2=5 Silver badge

      Re: Warnings ignored?

      > This is IT. Our warnings are always ignored. About everything.

      Is that a warning?

    3. Captain Scarlet

      Re: Warnings ignored?

      I've been more than ignored before, a number of staff have made a mailrule that redirects emails from me into the bin.


      1. Joeyjoejojrshabado

        Re: Warnings ignored?

        Yet as we know, the bin is where all the important emails are to be found.

      2. The Oncoming Scorn Silver badge

        Re: Warnings ignored?

        We installed an automated report phishing tool at great expense at one company.

        Big information e-mails went out, information displayed on company screens in the break room.

        Did anyone read or take notice of them - Did they hell!, the e-mail would come in & they would still forward it directly to IT with a "I think this is suspect!" rather than use the tool (Highlighted with a BIG RED Icon) on the toolbar.

        What I did find was, when a user put in a ticket for a issue & the fastest solution was to ship new hardware I would request their credentials via e-mail (With a warning that if not received by X time their credentials would be reset*) with the original ticket number. Despite coming from our own IT Department, despite quoting the ticket number that they had for their issue, despite CC'ing in their boss. They would query it, but when presented with a online "OneDrive" Portal, I'll put me credentials in without hesitation.

        *When the replacement hardware was shipped the password was reset (Again) & password change enforced.

    4. amanfromMars 1 Silver badge

      Re: Warnings ignored?

      This is IT. Our warnings are always ignored. About everything. .... jake

      Ok, ..... however, if that be so, both it and IT can be, and therefore always are, both in somewhat of a dangerous and quite unfortunate situation, for vulnerabilities and ineffectual defences are always ruthlessly exploited for immense personal advantage in any system intelligently designed to capitalise on that which is ignored because it is missed as being at its best whenever realised as being surprisingly better than all the rest at something novel and accommodating to engage with ....... and that can immediately morph into something which one has to make deals with from a severely compromised and catastrophically disadvantaged position ie forced to present whatever it takes which is whatever the principal driver wants, which bears absolutely no relationship at all to what may just be needed.

      As an example of such a position ....... think a stone age type nation state threatened by a force with nuclear weapons ...... although of course nowadays such blunt barbaric kinetic explosive weapons are useless against simple internetworking virtual sources providing rich targets for attack and decimation or pretty ugly total annihilation.

      Who says IT and AI aint great fun to play with, whenever so much is so easily deployed and displayed and done ‽ .

  3. aje21

    Interesting, but another which is closer to "on call" than "who me?" - perhaps "why me?"

    Perhaps I don't get the purpose of "who me?" but I thought it was a place to fess up about something you did wrong (and got away with) rather than things you did right...

    1. lglethal Silver badge

      Re: Interesting, but another which is closer to "on call" than "who me?" - perhaps "why me?"

      Maybe El Reg commentards are just so good, there's just not enough cock-ups to write stories about!


      1. Fatman

        Re: Interesting, but another which is closer to "on call" than "who me?" - perhaps "why me?"

        That sounds more like Computerworld, where Its Shark Tank column has had to resort to only 4 postings a week, instead of it previous 5.

        1. Stevie

          Re: Interesting, but another which is closer to "on call" than "who me?" - perhaps "why me?"

          That was because they discontinued the free T shirt for a story scheme.

  4. Will Godfrey Silver badge

    It seems almost the entire world ignores warnings

    Just look at the coronavirus situation

    1. jake Silver badge

      Re: It seems almost the entire world ignores warnings

      The corona virus warnings are ignored because the general public are tired of listening to the WHO crying wolf year after year, coupled with the fact that everybody knows that the government always lies about everything to get re-elected, and the News over-sensationalizes everything to sell bog-roll, tampons and beer. It's as simple as that.

      1. Muscleguy Silver badge

        Re: It seems almost the entire world ignores warnings

        We dodged a genuine bullet over SARS only with a huge effort. Those countries which were hardest hit by SARS have responded better than those which weren’t like here in the UK. I know someone who worked in the building next to the affected Toronto hospital with connecting corridors. They closed the connections and mandated which doors they could use.

        With SARS symptoms correlated with infection which moved fast so monitoring the temperature of travellers worked. Covid-19 takes its time producing symptoms, 5 days seems normal, meantime you are spreading virus. Many have only mild cold like symptoms, some have none at all and become super spreaders.

        The death rate from Swine Flu went up but the effect was blunted by vaccine rollout. It was the first flu after I stopped being able to have a flu vax (allergic reaction) and I got it. It literally knocked me flat, I didn’t have the energy to sit in a chair. I HAD to lie down. But it left my asthmatic lungs alone.

        Your insouciance and that of others like you is based on ignorance. Those ‘scares’ were genuine emergencies which were blunted by huge medical and scientific efforts. I’m a Biomedical scientist so I understand this. Wise up. The WHO doesn’t scaremonger. Sometimes it is too slow to get going.

      2. phuzz Silver badge

        Re: It seems almost the entire world ignores warnings

        to sell bog-roll, tampons and beer

        Yep, it's all down to a perfidious cartel of bum-wad manufacturers. Of course. I can't believe the sheeple don't realise this.

        1. jake Silver badge

          Re: It seems almost the entire world ignores warnings

          It's a generic, tongue in cheek, shorthand method of referring to "subsidizing the advertising industry at the expense of telling the truth". But you knew that from the context, didn't you.

          Interesting that you consider brewers "bum wad manufacturers" ...

        2. Stevie

          Re: It seems almost the entire world ignores warnings

          Another "sheeple"-induced downvote from me, and the decision no to offer you an e-beer.

      3. Paul Shirley

        Re: It seems almost the entire world ignores warnings

        It's fair to say government always lies about everything to get re-elected but somehow you slept through the lie being downplaying the covid19 threat, completely denying it in the USA. Lies far too many here in blighty seem to have swallowed whole even after the u-turn at 'vote for us' central.

        A u-turn weeks too late.

        1. jake Silver badge

          Re: It seems almost the entire world ignores warnings

          Where did I sleep through that? Was it where I said "the public are tired of the government lying, and therefore ignore them most/all of the time"?

      4. jake Silver badge

        Re: It seems almost the entire world ignores warnings

        Presumably my downvoters believe that most people are quite happy with the WHO crying wolf year after year, the government continuously lying to get re-elected and the news over-sensationalizing everything to sell advertising.


        For people who have trouble reading for comprehension, note that I was discussing WHY people are ignoring the warnings, not whether or not ignoring them in this particular case is a good idea or not.

        1. Anonymous Coward
          Anonymous Coward

          Re: It seems almost the entire world ignores warnings

          No, they're downvoting you for being an obnoxious prick. Different thing, really.

          1. jake Silver badge

            Re: It seems almost the entire world ignores warnings

            I'd rather be an obnoxious prick than a coward who thinks ad hominem is Latin for "I win this argument".

            1. DJV Silver badge


              I'd offer to send you a shovel but you seem to getting on fine digging that pit even deeper!

        2. Alan Brown Silver badge

          Re: It seems almost the entire world ignores warnings

          WHO don't cry wolf. They issue warnings which get acted on and (usually) the spread of communicable diseases is stopped before they get too far.

          One of the recurring nightmares of any epidemiologist is an ebola (haemorragic fever) variant or pneumonic plague-like disease (Yes, I know y.pestis is a bacteria) with a 14 day incubation period. That would be long enough for it to circle the globe a few times instead of getting down the road.

          As it is, we saw what happened when Ebola's incubation period stretched from 2 days in the original 1970s outbreak to 4 days in 2011 and we've known for decades that the Black Death swept through the cities of Europe like wildfire - far faster and further than rat fleas could carry it - because it got into someone with some kind of flu and went pneumonic on their coughs/sneezes (inhalation of the spores almost guaranteed infection vs any other kind of contact or even flea bites)

          I have friends with relatives in Guinea. The lockdown there in 2011 was severe and harsh, but they managed to contain Ebola - mostly because it CAN'T be air-transmitted.

          If it had got into someone already carrying a common cold the outcome might be entirely different and the entire capital city may well have become a mortuary - this is one of the big dangers of highly infectious diseases - they don't have to spread as an isolated individual illness and the wider they spread the more chance there is of them infecting somoene already carrying something even nastier (Imagine the effect of someone with a bad cold getting noro and sneezing in a public enclosed space...)

  5. Blackjack Silver badge

    Again, Word 6.0

    Word 6.0 was not only the first version of Word that was Windows only (Word 5.5 ran on MS-DOS) but the first that allowed the use of macros.

    Yet the thing was just too useful to not use. And while most people didn't need macros, Microsoft made the stupid choice to enable them by default.

    1. A K Stiles

      Re: Again, Word 6.0

      Around the time of word 6.0, I was doing stuff for a significant UK engineering company.

      Both the CAD software and the Finite Element Analysis (I think?) software had the capacity to save and load the models as a plain text file, though with differing formats.

      In order to convert CAD models from the design software to the analysis software, the official process was to export into plain text, load that into word, run a word macro over it which did the format conversion then save it out again to be loaded into the FEA system... It wouldn't surprise me if they had some sort of airgapped machine still running word 6 in order to still do this...

      1. lglethal Silver badge

        Re: Again, Word 6.0

        " I was doing stuff for a significant UK engineering company."

        Wow that must have been a while ago. Hasn't be one of them around these parts for a long time...

    2. Anonymous Coward
      Anonymous Coward

      Re: Again, Word 6.0

      Word for Windows 2.0 had macros. The day I read about the first ever macro virus which was described as "only possible due to Word 6 having a macro language built in" I had a prototype up and running on Word 2.0 by lunchtime :-)

      1. Blackjack Silver badge

        Re: Again, Word 6.0

        Did Windows 2.0 allow direct memory access? if it did, ouch!

        1. This post has been deleted by its author

  6. Anonymous South African Coward Silver badge

    I Love You

    ... anybody remember that?

    1. Blackjack Silver badge

      Re: I Love You

      Ah yes, the first digital virus that got MASSIVE thanks to e-mail and Microsoft stupid idea of hiding file extensions by default.

      1. jake Silver badge

        Re: I Love You

        The funny thing about "I Love You" is that the first time around, it was a HOAX, and flooded the mail system with massive quantities of people passing along a phony message.

        The message was "don't open or pass along anything with "I Love You" in the Subject line, it's a virus that will send your CPU into an n-dimensional loop that'll burn out your computer" or some such bullshit. The subject line invariably contained the string "I Love You".

        It was the first non-threat email that I wrote nuke-on-sight filters for built into Sendmail in what we would now call a milter. In the first weekend that I went live with it, it was rejecting almost 60% of all email with no false positives.

        The real virus came along around a year later. The name came about because the authors were mocking the people who passed along the hoax.

        1. Robert Carnegie Silver badge

          Re: I Love You

          It was also rather a clever idea for a virus e-mail.

          My boss received the real virus. But he was smart, he did not open it.

          He forwarded it to me in a message that said "I think this may be a virus, do you know?"

          I believe I had heard of it already, so I didn't need to open it and look.

    2. TSM

      Re: I Love You

      One of the first times - but far from the last - in which my life was made a lot easier by being in Western Australia rather than the eastern part. By the time we rocked up to work that day, our IT people in the eastern states had already slammed the gates and sent out emails explaining the issue, and giving us clear directions on what emails to delete unopened.

      These days I work for a company that has its headquarters (and IT staff) here in the west, so we don't have that exact protection, but then the automated filters are a lot better these days, as well as all the anti-macro protections that have been put into place since those days of course.

      The main threat for us now is phishing instead, but I've had far more fake phishing emails from our cybersecurity partner organisation than real ones. It's easy to detect the fake ones: I do a DNS query for the domain name in the link, then do a lookup on that IP and see if it belongs to our cybersecurity partner.

      The ones I thought might have been real have so far turned out to be genuine emails from partner organisations. For some reason some organisations think it's acceptable to send you a "Welcome to our portal" link without any warning. That one turned out to be from the firm that was doing our audit - we'd changed auditors since the previous year so I didn't recognise the domain. I never wound up using the portal anyway; I just emailed stuff to the individual auditors.

      1. FrogsAndChips

        Re: fake phishing

        Just in case I have a doubt, I simply look for "" in the Received headers.

        I sometimes use the "Report Phishing" button in Outlook on legitimate emails, even though I know it's pointless. Now if that button could somehow notify the sender with a proper message, I'd be happy to use it much more often. Something like "Look, if you want me to take your email seriously, you'd better start providing some context and reassuring me that I shouldn't be surprised that you contact me about some urgent invoice or system upgrade. And please speak proper English with correct punctuation. Till then, you'll end up in my Spam folder. TYVM, HAND."

        1. amanfromMars 1 Silver badge

          Re: fake phishing with FrogsAndChips

          Those are good lessons learnt to gain access to Future Learning Programs, FrogsAndChips. The Rocky Roads Way Up Ahead are Renowned for their Exercising of Such Stumbles and Remarkable Tumbles with a Route and Root Travelling towards EMPowerment rather than Exploitation, which always, since even before the beginning of time in space, ends spectacularly in the most fantastic of catastrophic self destructive crashes. Which is good, for the Cancerous Growth of the Exploitation of Compounding Interest is so designed to Kill the Host Stone Dead Failing an Ardent Following.

          And they don't Spam. What you See, Hear and Feel and Imagine as a Truthful Witness is Yours All Told to Behold. Such has phormed all of your Present View from Current Augmented Virtual Reality Operating Systems Supply ....... which is an Almighty Provision with Immaculate Stores of Impeccable Assets.

          Can we tempt you with some Super Duper Future CyberIntelAIgent Security Arrangements/Memoranda of Explicit Understanding and Implicit Instruction Regarding Future Guaranteed Open Sourced Supply of Virgin Stock/Perfect Untainted Product?

          And if you think that is SPAM, whatever way you spell it, you haven't been paying close enough attention to everything which is always so freely shared here on ElReg, is all I would say about that.

          It's easy solved, isn't it. In future pay much closer attention. IT aint rocket science.

          1. FrogsAndChips

            Re: fake phishing with FrogsAndChips

            Wow, never thought one of my posts would receive the honour of a reply from amfM. That made my day!

            1. amanfromMars 1 Silver badge

              Fake Phishing with FrogsAndChips is an AI PowWow Battle Ground of Myriad Accommodating Foxholes:-)

              That made my day! .... FrogsAndChips

              A Gracious Exclamation for Immaculate Seeding of Novel Virtual Content Feeder Operations.

              You know, that Sp00Key Stealthy Special Source Forces Stuff more normally formerly confined to Secure Failsafe Practically Permanent Barracks ..... where it is sustained and succoured ......... or denied in order to try extinguish the inexhaustible supply there is for everyone to simply really wish for what is really needed, as far as one can see and further know simply and innocently as Future Plans for Virtual Derivatives and COSMIC Futures 0Day Trades.

              Not so much for Dark Webs, much more for Deep Diving Delver Thinkers ....... who be quite the Endearing Rascal and Rogue Intimate Tinker to All Sorts if not Quarantined and Defined as Social Leper rather than Virtual Saint and Grand Standard Sinner

              That Trade Knocks on All StateTreasury Doors Struggling and Failing to Generate Further Future Leading TeleAudioVisual Content for Programs to Process and Present to the Media Machines Feeding U New News and Views of the Matter, a Future Realisation in Conversation with the Hosts and Posts of Other Worldly Beings.

              Is it similarly the same for you too? Then ITRealGood which only gets Better with the rate of future progress locked and loaded as Exponential Existential.

              Do you know to What and Where All of that Leads ..... other than to the Supply of Whatever is Wanted whenever and wherever ITRealGood is Seeded and Needed for Sublime Feeds?

              Go on, have an educated guess.

    3. Anonymous Coward
      Anonymous Coward

      Re: I Love You

      And I feel the need to confess my passing on of that virus once. In my defense, I received an infected email from a lady I was courting at the time so I had no reason to think anything amiss. Still, hindsight etc etc.

    4. Michael H.F. Wilkinson

      Re: I Love You

      Indeed, I do. I was working on AIX on an RS6000 machine, HP-UX on my workstation and another *NIX variant on the Cray J932 of our university at the time. I remember getting an e-mail, with heading "I love you" from a sysadmin stating that unfortunately, the automation facilities offered by MS-Windows weren't available on the system I was working on, so could I please randomly delete a few files manually, and send this message on to a random selection of my contacts (manually, of course).

      (Yes, *nix users felt very smug those days)

    5. mhoulden

      Re: I Love You

      I got sent a copy when I was at uni. It seemed a bit odd that a lecturer I didn't know very well would send me a personal note in a Javascript file so I just ignored it. I spoke to a friend about it a bit later. He promptly turned white, ran back to his room and emerged about half an hour later looking pretty shaken. He used email a lot more than I did and he had a lot of contacts.

    6. swm Silver badge

      Re: I Love You

      I remember the I Love You virus. I got it on my Interlisp mail reader on a SUN work station. I, of course, opened it up (in plain text) to see what it was and thought to myself that these guys were really amateurs. I figured that my department could write much better virii in less than a day.

      None the less, many executive types and secretaries caught the virus which we then had to eradicate.

      1. jake Silver badge

        Re: I Love You

        In English, "virii" is properly pronounced "viruses".

        See the FAQ, section F, question 3.

      2. Alan Brown Silver badge

        Re: I Love You

        "None the less, many executive types and secretaries caught the virus which we then had to eradicate."

        We had the repeated "experience" of said types overriding the antivirus software screaming its tits off about the paylod being hostile, disabling the AV and then opening it anyway "because it might be important"

        One of the secretaries filed a complaint about my telling her off to her and making her feel like a naughty 6 year old caught doing something she shouldn't be doing. My formal response was that if she did it again she would be issued with an etch-a-sketch.

  7. SoaG

    The number of times...

    ...all of the staff spot the extremely obvious email w/ attachment from someone they don't normally deal with.

    Then someone in senior management clicks on it,

    Leading to all the middle management to open the same attachment that they'd known not to click on 5 minutes earlier because they're too scared to ignore someone in the C-suite.

    Followed by the brown-noser minority on the front line doing the same...

  8. navidier

    Of worms and men

    When the Morris worm came out, I discovered it on a research VAX I had admin rights to at a large particle-physics laboratory in Switzerland -- no, not that large... (I can't remember if I noticed it myself or got a heads-up from a Usenet newsgroup.) It had got in via one user whose password was the same as his username -- a common practice at the time, hence why the worm was able to spread so easily.

    I analysed it and cleaned it up, then sent a warning to the Institute's IT staff. The response from the head of IT was, "WTF are you?" I replied that I was a research physicist at $LARGE_UNIVERSITY who had been carrying out experiments at the Institute for over two years, and in fact was due to start work as a staff scientist there the next month. He started to take me more seriously then, and we became good friends over the next decade.

  9. Dyspeptic Curmudgeon

    To the Editors at El-Reg.

    The protagonist-auto-anonymizer subroutine needs some AI. This guy should not have been named 'Sam' but instead named'Cassandra'.

    1. The Oncoming Scorn Silver badge

      This guy should not have been named 'Sam' but instead named 'Chas(andra)'.

      Attempted a fix for you.

  10. Anonymous Coward
    Anonymous Coward

    Call me Casamba

    I once did lab support for a large semiconductor company. Our IT support had 3 Samba servers on some pretty old hardware/OS. My lab was pointed 1/3 at each server. Yes, there was a DNS Round Robin, but I was told by the Samba admin it sucked, and to point at the 3 discrete servers. When I would notice one of the Samba servers was inevitably down, I would run a script to re-point my lab to the remaining two and send an email off to the Samba server admin informing him which server was down, and that the other two were about to get hit with increased traffic. About a day later, a second Samba server would fall over and I would switch the entire lab to the one remaining server. Again I would email the admin and warn him his last server was about to crater. Of course, a few hours later all Samba services would fail. The first few times this happened, he would ignore me; I suspect because I had recently left that IT team, and management had been trashing my reputation since my departure.

    About the 3rd post-mortem I got tired of him ignoring me and threw him under the bus, telling the team that I had repeatedly warned him that one, then 2 of his servers were down. Other customers and IT management on the line was not impressed with his lack of response. The IT team eventually upgraded the hardware and software so the Samba environment stabilized, but that was a whole ‘nother fluster cluck.

  11. Aussie Doc Bronze badge


    Have to disagree with Sam, there.

    If you were an avid Word user at that time, then you became the automatic, IT go-to person for the whole workplace.

    Happened everywhere I went during MS-DOS/Windows 3.11 days.

    The person who used the computer the most was 'it' by virtue of the fact that they were, well, using a computer all day - school secretary, personal assistant, anybody.

    <deity> help us if that person wasn't there the day you arrived to sort an IT ticket out "Sorry, Sarah's away today and she's the only one that knows everything about those new fangled shinies."

    Good old days.

    Well, they must know about them coz they use 'em all day, innit?

  12. irrelevant

    Email virus

    I am still fairly proud that I discovered a previously unknown virus at a customer site, mid 90s. It snuck in via outlook express, and distributed itself by setting a signature block. Their antivirus (symantic I think) didn't spot it, even when scanning an isolated example and I couldn't find a reference on the various av vendor sites. Submitted it to them, and it was duly added a day or two later. Thankfully it wasn't anything destructive..

    I did only find it because one of the users spotted that their usual signature had vanished... They dealt a lot with manufacturers in China so I suspect it came in that route, but never did trace the source properly.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021