A scary tale of a virus run amok

March 22, 2010

Viruses and malware are running rampant on the Internet (and probably your internal network).  I remember back in the day that viruses were purely an inconvenience that robbed your computer of performance or spread themselves through email.  But today, malware is the tool of choice for thieves who are out to steal sensitive personal and company data in order to access your accounts or assume your (or your customers’) identities.

So – on with the tale of woe!

Let the suffering begin!

On Monday of last week we got a normal-sounding support call from a customer… an application they used was not working and was throwing a checksum error when launching.  One of our engineers remoted in to take a look.  After about 10 minutes we started getting calls and tickets from just about every user at that company.

This was a network-based application and all the users were accessing a shared copy, so the fact that everyone was having the problem did not cause a huge alarm.

About 20 minutes after the initial call we started hearing rumors about other applications acting strangely – this is when our alarm bells started to ring loud and clear.

We did the normal stuff:

  • Checked to ensure the workstations were fully patched – they were!
  • Checked to ensure the anti-virus real-time scanning was enabled – it was!
  • Checked that the anti-virus software was updating properly – it was!
  • Ran our own malware detection script – nothing!
  • Ran a virus scan from the anti-virus application – nothing!
  • Downloaded and ran a completely different malware scanner – nothing!
  • Moved one workstation back to a previous System State – same problems!

Could this be a completely new virus?

At this point, I was starting to get that feeling in the pit of my stomach!  We immediately contacted our anti-virus software vendor and submitted a sample of the problem – sure enough – this was a brand spanking new variant of the Virut virus. We even submitted the infected executable file to several of the online virus scanning tools – no one saw anything!

My first thought was: How many OTHER customers are having the same thing right now??  Scary thought!

So while our anti-virus vendor was busily updating the scanning definitions and coming up with a fixer tool to repair the executable files (normally with Virut you just wipe the entire network and start over – NOT something I wanted to contemplate) we started backtracking how this thing got into the network.

How could this have happened?

A quick look in our system revealed a user that was constantly having malware/virus issues that, up until now, were a mere inconvenience.  Sure enough, this machine was the one that was doing the damage.

Over the past several months we had found this user constantly goofing around on the Internet – visiting sites which were clearly not work related and represented the more seedy areas of the Internet at best!  This was Very Frustrating because we had warned the user and the business owner that this behavior was a ticking time bomb – well – it went off!

We were finally able to work with our anti-virus vendor to get the detector/cleaner tool working properly and get the network and all the machines back up and running but only after hours and hours of time invested on our part and tons of wasted time due to the network being inaccessible.

Good Networking!

Eric Hobbs
Technology Associates
ehobbs@technologyassociates.net
919-459-0109 – Direct

Things to Think About…

  • Educate your users. I just posted an article entitled Top 8 Ways to Get A Network Virus that should be required reading for ALL your users.
  • I strongly recommend that companies install a web filter. This prevents non-work related Internet browsing BEFORE it blows up your network and ensures your users are doing their jobs and not goofing around on the Internet on your time.
  • Find out more. Download our free report How The Internet Is Ruining Your Business and What You MUST Do To Regain Control! This report will outline in plain, non-technical English the threat the Internet poses to the health and security of your network, how it erodes productivity and what you need to do to regain control.
