After several phone calls and in-person chats, nothing happens. The media whips all these people into a fury and frenzy over this 'April 1st Virus' and nothing happens. Well, a few things happened, but nothing like the massive digital destruction foretold by the media.
The worm, dubbed Conficker (a German melding of "configure" and an obscene phrase), has security experts looking confused and useless. It's really a series of worms, all variants of the same code base, which have been released over time. Estimates place the number of PCs and servers compromised so far at about 10 million machines in over 150 different countries (with 3 million in China alone). The latest variant is scheduled to do ... something ... on April 1 (that is the day its domain-generation routine switches to a much larger daily list of rendezvous domains), hence the media's branding and general naming of it as the 'April 1st Virus'.
A church decided the risk was too great, so they kept all of their computers turned off. Sure, if they were infected or vulnerable, that would have saved them for the day. After all, it is hard to damage a computer if it's powered down. They forget, though, that the threat doesn't show up for one day and one day only. As soon as they power up, an unpatched machine is exposed to the same scanning and the same exploit it was exposed to on March 31, but of course, since the media made a big deal about April 1st and ONLY April 1st, that's the only day to be worried. There is always a threat, always waiting, always probing...
The only other casualty was an older woman whose husband was in such a panic over the worm, again, thanks to the media coverage. The husband was demanding that since the woman knew more about computers she NEEDED to get on-line and get extra protection on their just recently rebuilt Windows XP PC. Her reaction was just like the church's: keep the computer turned off. So she calls and we tell her nothing is happening, no fire and brimstone, no digital death, and no Zero Hour. So she gets on-line, starts searching, and manages to download a copy of Spyware Doctor. The installation ends up hosing her PC and spitting out a BSOD, STOP 0x35 (NO_MORE_IRP_STACK_LOCATIONS, the bug check a misbehaving filter driver typically triggers).
So now she needs to bring the PC into the shop, again, so we can remove Spyware Doctor and roll back the changes. Mind you, we'd just recently rebuilt her PC. So she was current with both her Windows and Office patches and on top of that, was protected with AVG Free 8.5! The PC also had the latest drivers, Java runtime environment, Adobe PDF Reader, Flash player, and Shockwave player! Had the husband just cooled it or the wife stood her ground, the situation would have been averted.
Why, of all things, does it take so long to close the major infection avenue, the Windows Server service vulnerability (MS08-067) discovered and patched in October 2008? According to security experts, up to 30 percent of all Windows machines worldwide are still not protected against this vulnerability. (It was around 50 percent at the end of 2008.)
I've informed both that the media should be sued for making such a big deal about nothing, to help cover the costs of everyone overreacting and damaging their computers.
Wednesday, April 1, 2009
Monday, March 9, 2009
Trust
In my 9-5 job, we get a call about someone with a virus looking to have it removed. He didn't wish to pay for the hourly onsite service to try and remove the malware. When told it would take roughly 2 business days, he decided he didn't like that option either. It wasn't the fact that it would take about 2 business days to perform the service, it was that he wasn't sure if he could trust us. We handle a Township, several doctor's offices, and a couple of law firms... I think we've got this.
But it does make me wonder how often we put trust in our fellow human beings.
Monday, February 9, 2009
Tax Preparer Hacked
In my 9-5 job, we get a 'Do-It-All' who, in this instance, is a tax preparer at this particular moment. Her PC is an old POS by today's standards. She claims the PC was used to drain a couple of grand from her savings account. She's already taken the issue up with the police and been told the FBI or Secret Service might look into the issue... doubtful.
So we're contracted to make a copy of the HDD in case the issue is examined in depth by the authorities. An exact copy is made to a bigger drive, and that drive is used both to copy the data off and to keep a clean, safe copy.
*That copy has been sitting in storage with no requests from the authorities for it since early November 2008*
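An evidentiary copy is only worth something if you can later show it matches the drive it came from. The script below is an added example, not the shop's own procedure or any tool from the original post: it images a source with dd, hashes the source and the image, and appends both hashes to a custody log. It assumes Linux coreutils (GNU dd with status=none, sha256sum) and that SRC is a block device such as /dev/sdb behind a write-blocker; a plain file works too, which is how it can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original post). Makes a sector-level copy of a
# drive and records matching hashes so the copy can stand in for the original.
# Assumes GNU coreutils: dd with status=none, sha256sum, date with %F/%T.

# image_disk SRC DST LOG
#   Copies SRC to DST, hashes both, appends the result to LOG.
#   Returns 0 only when the source and image hashes match.
image_disk() {
    src="$1"; dst="$2"; log="$3"

    # Hash the source before anything is copied. If this read fails the drive
    # cannot be hashed end to end; record the image hash and dd's error
    # output instead of pretending the source hash exists.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1

    # bs=512 matches the sector size of an IDE drive like the 80GB one in the
    # post. conv=noerror,sync keeps going past unreadable sectors and pads
    # them with zeros so the image keeps the same size and offsets line up.
    # Note: sync also pads the final block, so a plain file that is not a
    # multiple of 512 bytes will legitimately hash differently; a real disk
    # is always a whole number of sectors.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync status=none || return 1
    sync

    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1) || return 1

    stamp=$(date -u +%FT%TZ)
    printf '%s source=%s sha256=%s\n' "$stamp" "$src" "$src_hash" >> "$log"
    printf '%s image=%s sha256=%s\n'  "$stamp" "$dst" "$dst_hash" >> "$log"

    if [ "$src_hash" = "$dst_hash" ]; then
        printf 'VERIFIED image matches source\n' >> "$log"
        return 0
    fi
    printf 'MISMATCH image does not match source (bad sectors padded, or source changed during copy)\n' >> "$log"
    return 2
}

# Usage: ./image_disk.sh /dev/sdb /evidence/taxprep-80gb.img /evidence/custody.log
[ $# -ge 3 ] && image_disk "$@"
```

Work only from the image afterwards: attach it read-only (for example mount -o ro,loop,noexec,nosuid,nodev) or through a USB adaptor on a clean system, as the post describes, and re-run sha256sum on the image before and after the scans so you can show the scans did not alter it. The original drive goes back into storage untouched.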
The client refuses to have the Windows installation wiped and redone from the ground up, as she has never backed up her data and is worried we might miss something. So I get to clean up the system, which in this case is a custom-built AMD Athlon XP 2200+ (~1.8GHz) with 512MB and an 80GB HDD using the FAT32 file system. It had Windows XP SP2 Home Edition, Internet Explorer 6, and damaged McAfee and Grisoft AVG 7.1 AV installs. I say damaged in that each looked like it was running (icon in the system tray), but you couldn't open the application to do anything! Not to mention the roughly half an inch of dust and debris inside the computer's case.
Oh, and let's not forget the installed copy of Kazaa, because you have to illegally download some music on your 'business' PC with not one, but two damaged AVs!!!
A copy of the drive has been scanned with AVIRA AntiVir, Malwarebytes, A-Squared, SuperAntispyware, and ThreatFire. The scans were run on a clean system with the copied drive attached via a USB to IDE adaptor. The scans cover all directories except the Documents and Settings and System Volume Information folders.
So far the results are: MyWebSearch, SPR/Fake.ErrorKille (ErrorSmart), TR/Dldr.Adroar Trojan, DR/Keenval.2 dropper, TR/Dldr.Keenval.E Trojan, several variations of the TR/Dldr.Dyfuca.* Trojan, DIAL/EDGACCESS.5 dialer, TR/Dldr.QDown.L Trojan, HTML/Rce.Gen HTML script virus, SPR/Dldr.Agent.C program, TR/Dldr.Agent.alr.3 Trojan, DR/FlashTrack.E dropper, and TR/Drop.Starter.G.3 Trojan.
At what point does a business or person actually care about the data they hold? In this case, someone with access to a lot of confidential and sensitive information about other people severely dropped the ball. Outdated Windows XP Service Pack, dual outdated and damaged AV, and a severe malware infection... I realize not everyone is IT savvy, but those who handle such data need to learn at least enough to protect, if not themselves, then at least the others whose data they hold in their hands.