Have you ever witnessed malware/viruses trying to do actual damage ?

[NGRhodes]

Have you ever found malware, a virus or even a remote attacker connected live actually attempting to do damage on your machine.

I can personally say I have only witnessed this twice, once was on a web server that I was responsible for the admin of and was a worm spreading through a remotely accessible exploit in IIS. The host had to turn off network access to all Windows servers and we had to travel to the data centre and install an MS hotfix off-line.

The other was a zero day worm a corporate network caught and caused the network and mail servers to be flooded. Had 5 guys from Mcafee flying in the same day to analyse and paralyse the worm, by the end of the next day they had a working updated virus definition.

On the desktop I have seen AV catching malware and viruses and even found them on machines not working correctly due to the damage caused (but the actual virus/malware no longer working), but never seen any malware OR viruses trying to do actual damage.


Cheers, Nick.

[Hungry Man]

Nope, I've only ever run across automated attacks.

[Dark Shadow]

I dont know about damage but I first hand watched my nephews computer magically go online all by its self,He used to use AOL and it signed on to the Welcome.A few months later his three month old Compaq was dead,Coincidence maybe - perhaps not.

[x942]

Several times, Although I'm not sure if all of them count :p

1) I have about 120 honey pots active getting pounded on daily at my company. We take live snapshots (they are all VM's and isolated from everything else) daily, sometimes hourly. Yesterday alone we found 4,234 new samples of malware. Most of which won't see the light of day in the real world.

Worse case was actually three days ago when one of honeypots was completely "killed" by some randsomeware. It encrypted the entire hard drive and shutdown. At the boot loader it demands you pay to have it decrypted. Sadly (for the creator) it uses the same three keys in order. So you just have to guess the password from the three possibilities and your back in. The passwords were also stored in the bootloader in plain text. Sad really.

2) I attack systems as part of my job so I often cause the damage on systems and see it first hand. Using exploits we found we demonstrated the other day an NFC exploit that could in theory wreck havoc on phones. Can't disclose it yet but it basically uses fuzzing to find and crash the Tag Reader Application with a special payload. We managed to find a buffer overflow here.

3) A clients network a year ago was completely compromised by a worm. The worm spread to every windows based system in the building, DDOS'd the servers from with in the LAN (No isolation) and crashed several routers due to the bandwidth. Needless to say they really poor security. They now run all linux computers and have much better security.

[shakethebabyass]

Out of all the playing around with security programs I do, surprisingly I have only had to deal with the annoying malware attacks like fake antivirus and weird things like that.

I would like to get a good virus on my test machine sometime though so I can play with it. I would take very high precautions of course

[Amit]

I had 4 trojans in all my pc life......one was partially blocked by avg....mbam removed it completely along with 2 other trojans...the other one was blocked by avast!......all infested from a 4 gb pendrive.....they caused some system errors.....

[blacknight]

Yes, sometimes, but only virus immediately blocked by my av.

[chrisretusn]

Rats, I checked no... thinking...but I have, for entertainment purposes and also show-and-tell, in a virtual machine.

A couple of weeks ago, at my club, our CPA , in for our end of year reports, plugged her USB stick in to the USB port, all sort of bells and whistles went off.... well not really the security suite on the XP machines did it's job and stopped it. No damage of course. It also cleaned her stick.

[Noob]

Well i still haven't seen any virus do damage on a PC i won but i'ev seen them screw other PC's. A few years ago a friend clicked on a FB link and her PC got infected, it disabled .exe's files and blocked all programs. Just for the sake of being 100% sure i got rid of it i ended up formatting it after saving the important files.