Announcement

Collapse
No announcement yet.

IT guy checks to see if PC is virus-free, with virus-ridden USB stick

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    IT guy checks to see if PC is virus-free, with virus-ridden USB stick

    (Reposted from http://www.theregister.co.uk/2017/02/10/on_call/)
    (All redirection URL links removed by KFN Administrator)

    Same org saw users catch ransomware twice. In one day. After being warned



    On-Call Welcome again to On-Call, our weekly therapy session for readers who need to share terrible memories of jobs gone horribly, horribly, wrong.


    This week, meet “Dirk” who we imagine is carrying quite an emotional load because he's witnessed some horrors created by truly dull-witted users.


    Take, for example, the crew his IT team recently saved from ransomware. Twice. On one day.

    Dirk's tale started when, one pleasant morning “some idiot clicked on a CryptoLocker attachment, and - Boom! - the network drives were encrypted.”


    Dirk's IT team sent out warning emails about what not to click, restored the drives in under two hours and were just about to put up their feet and take some credit for a job well done when – you guessed it – someone else clicked on another CryptoLocker attachment and the problem happened all over again.


    This time IT told staff to leave their PCs on when they left for the day. By the next morning the company had a new ransomware-innoculated standard desktop and network drives that had again been saved.


    But Dirk's seen worse, too.


    Once when he had a bit to do with a large utility, Dirk says “an employee introduced a virus onto his PC from a USB stick.”

    No big deal in this day and age, you'd imagine. But of course in this case the outsourced help didn't keep the anti-virus right up to date, so the software detected infected executables and quarantined them but couldn't stop the spread of the virus.

    “After a couple of days everyone's PC slowly ran out of executables and became useless,” Dirk recalls, adding that “My favourite moment was when an IT support guy went into the SCADA control room to check on the SCADA operator GUI PCs. Up until then the SCADA system was fine because it was on a separate firewalled LAN. But this genius plugged in his USB stick with some GUI-based network monitoring tools to make sure the SCADA LAN was OK.”


    You can guess what happened next: the USB stick had been infected and the SCADA system came down too. Two weeks and another new Windows standard operating environment later, the company was back on its feet.
    Last edited by Snowhog; Feb 12, 2017, 04:12 PM. Reason: Removed all redirection links; add full attribution URL
    systemd is not for me. I am a retro Nintendo gamer. consoles I play on are, SNES; N64; GameCube and WII.
    Host: mx Kernel: 4.19.0-6-amd64 x86_64 bits: 64 compiler: gcc v: 8.3.0 Desktop: Trinity R14.0.8 tk: Qt 3.5.0 info: kicker wm: Twin 3.0 base: Debian GNU/Linux 10

    #2
    Around 2003 our Novell NetWare network was constantly being infected. I could count on a 3 hour vacation every Monday morning waiting for the LAN to come back up. All of it was malware brought in by the 400 clerks who were playing CD's and USB music during work. IT finally got tired of cleaning up the infections and disabled ALL USB & CDROMs on all workstations except for the 15 developers. They also installed a $28K Internet gateway running Linux that blocked malware. They also began replacing NetWare with RH6. No more infections. Much faster LAN and workstations. Except for me. I was always running SuSE and never had problems with malware.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #3
      At the clinic, we now have a total of 12 Linux Debian workstations networked to the local hospital. Since we opened the doors, not one computer virus or trojan. The hospital is a different story, they keep having issues and about 3 or 4 months ago the administrator stopped by our clinic. He was impressed by Frank's choice to run 100% Linux. It is not like Frank and I run a tight ship with an iron fist here either. When slow, we all have time to play on web gaming, I don't mind as long as the work gets done. But according to the hospital administrator their latest issue was someone playing games on a website like PopCap, Big Fish, etc. and click on a link that snagged a trojan horse or a virus. He stopped in to warn us, but I don't believe we have any issue. Frank assured him that our end is safe.

      Since his visit, I haven't heard anything else out of the hospital. But I will always wonder, if some disgruntle IT peon in their networking department, suggested we gave the hospital the bug?

      Comment


        #4
        I have a similar story. Back in the day I was in charge of the desktop reference image for a fair-sized agency under DoD. We'd decided that this time we'd have Gateway preinstall the image on new laptops. Gateway (and I assume other vendors) had to approve the reference image before they'd install it on their hardware.

        First shipment of laptops was infected *by Gateway* and they had to send techs all over the country to fix laptops once I proved to them the reference image was clean. I gotta say they got a couple hundred laptops fixed in just a couple days, though - you'd be surprised how fast a vendor can respond once you prove to them they infected a pile of new laptops
        we see things not as they are, but as we are.
        -- anais nin

        Comment


          #5
          Originally posted by wizard10000 View Post
          ... you'd be surprised how fast a vendor can respond once ...
          Not viri or infected PCs, but while I was working; many years ago; one of our main Xerox copier/printers; one of the big business ones; 'caught fire' while it was being used (some of the wiring inside overheated and started melting, resulting is smoke). This was early in the morning; before 9:00AM. Xerox was called right away, and they had a replacement installed and the damaged one removed within a couple of hours. I was convinced they didn't what the word to get out that their machines 'catch fire'.
          Windows no longer obstructs my view.
          Using Kubuntu Linux since March 23, 2007.
          "It is a capital mistake to theorize before one has data." - Sherlock Holmes

          Comment

          Working...
          X