A frightening tale of computer infection and its consequences

Discussion in 'malware problems & news' started by Arup, May 1, 2009.

Thread Status:
Not open for further replies.
  1. Arup

    Arup Guest

    http://msmvps.com/blogs/spywaresucks/archive/2009/04/29/1691530.aspx

    “It all started when I wanted to get more performance out of my video card. I download the latest drivers and included this virus.”

    Yep, that one simple act turned into an infection nightmare lasting three weeks. I’m hoping Micky will work out exactly where he got the drivers from, and let us know (as well as warning whoever it is that is distributing the infected drivers).

    The entire sorry tale is at www mickyj com / blog htm (link deliberately broken because I'm not sure that I want anybody going there yet).

    To save you from the need to visit, I'll copy Micky's tale of woe verbatim. Micky’s message to everybody is “Make sure to point out that no matter how cluey you are with IT (I have 20 years experience) these things are getting nasty.”
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    A few points:

    First, he installed the file himself ... so ...

    Second, what about a read-only offline copy of data + system image on DVDs, for instance? That kind of data will remain safe no matter what. And imaging software ... he reinstalled 20 times ... that's not professional. After 20 years in IT, you ought to have an imaging system at hand.

    As to reinfection, I don't see why this should occur. Infection yes, but then after the reformat - and disabling autorun on all drives, the presence of the virus on any other file should not have mattered unless executed by the user.

    Third, what about booting into live session or Linux and then cleaning the infected files at leisure?

    Mrk
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Honestly Mrkvonic, how can this thread continue when you cut to the chase so quickly? lol.

    Ruined :D

    Sul.
     
  4. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Same here, I thought we were supposed to let the overreactions, paranoia and MS-bashing run for a couple of pages first. :doubt:
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Sully, not ruined, no ... but I try to think about people who are less knowledgeable than we are and read something like that ... a terrible fear sets upon them.

    It is important to rationalize the actions, the consequences ... it may well be that there is a terrible virus on the loose, but that does not mean the infection cannot be easily prevented or that useful, alternative cures exist to methods tried by the person in question.

    Fear of the unknown is the worst thing that can happen to the human mind.

    I think the swine flu is more important than computer viruses, by the way.

    Mrk
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    It's interesting that the computer world adopted medical terms to describe security breaches:

    virus -- infection -- injection.
    Words guaranteed to instill fear at the outset.

    ----
    rich
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I know a lot of real experts (acquaintances really) who, regardless of their experience, blunder badly because they are either overly confident in their capabilities or they are really interested in other aspects of computing.

    One should also realize that absolute knowledge in computers doesn't necessarily imply a good knowledge in computer security. Very often computer scientists and real experts are more concerned about innovative systems and programs which from my point of view is what real computing is all about.
     
  8. DesertRat

    DesertRat Registered Member

    Joined:
    Jul 12, 2008
    Posts:
    32
    I've been, for the most part, pretty much thinking as you say. I'm inclined to give him a pass, though. For two reasons:

    • He said the virus was undetectable when not propagating, plus it had infected his message signatures. I think that I would have restored the last backup, or even a backup of the current message file, after a system reinstallation. I would have been hammered just like him. I wonder how long it would have taken me to figure out that my signatures were a problem?

    • He said his web sites were infected. Okay, at last, everything seems to be working after 4 or 5 reinstallations. He finally figured out his message store was a problem. He's in business. Let's update the blog with the latest happenings. He just got nailed again.
    I can see a typical scenario where the drives are reformatted, the OS reinstalled, and then from a recent backup, his e-mail message file being restored. According to what he says about the behavior of this virus, that step would reinfect him if that backup was infected. He would have no way of knowing. The only solution is not to restore any backups. (You might say that he could simply avoid backups made after the infection. It's easy to say. In this case, from what he said, I had the impression that he couldn't, at first, identify when or how the infection happened.)

    What you say is all very true. I might add to your statement about "overly confident" by saying "careless". I, myself, have three times executed "del *.* /f /s /q" in the Windows directory, thinking I was somewhere else. That command works best at 2 AM. (By the way, I don't do that anymore. The consequences of an error aren't worth the convenience.)

    Computer operations have become terribly complex, straining the ability of any one person to have the knowledge or resources to cover every contingency, in particular, and especially, if the services or product of this one person, or few persons, is for public consumption, or available to the public.
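    The reinfection-by-backup problem DesertRat describes (a backup taken after the infection carries the infected signatures or web pages back onto a freshly rebuilt system, and nobody can say which backup is the last clean one) has a simple defence: a manifest of file hashes recorded while the system was known to be clean, checked before anything is restored. The script below is an added example, not code from the thread or from Micky's blog; the file names and contents are constructed sample data, and `KNOWN_GOOD_FILES`, `LATER_BACKUP_FILES`, `build_manifest`, `audit_backup` and `safe_to_restore` are names chosen for this illustration.

```python
"""Audit a backup against a known-good hash manifest before restoring it.

Added example (not from the original thread). Files that changed or appeared
since the clean snapshot are flagged; only files whose SHA-256 matches the
manifest are passed through for restore. All data below is constructed.
"""
import hashlib
from typing import Dict, List

# Constructed "known-good" snapshot: path -> file bytes, taken before infection.
KNOWN_GOOD_FILES: Dict[str, bytes] = {
    "mail/signature.txt": b"-- \nMicky, IT consultant\n",
    "web/index.htm": b"<html><body>Welcome</body></html>\n",
    "docs/invoice.txt": b"Invoice 001\n",
}

# Constructed later backup: the signature and the web page have been altered
# since the snapshot, and a new executable has appeared.
LATER_BACKUP_FILES: Dict[str, bytes] = {
    "mail/signature.txt": b"-- \nMicky, IT consultant\n[constructed modified content]\n",
    "web/index.htm": b"<html><body>Welcome[constructed modified content]</body></html>\n",
    "docs/invoice.txt": b"Invoice 001\n",
    "docs/setup.exe": b"MZ\x90\x00[constructed new file]",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a hash for every file while the system is known to be clean.

    In practice this manifest is stored off the machine (read-only media,
    as Mrkvonic suggests above) so an infection cannot rewrite it.
    """
    return {path: sha256_hex(data) for path, data in files.items()}


def audit_backup(manifest: Dict[str, str],
                 backup: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare a backup against the manifest.

    modified: present in both, content differs from the clean snapshot
    added:    present in the backup only (no known-good hash to vouch for it)
    missing:  present in the manifest only
    clean:    hash matches the clean snapshot
    """
    result: Dict[str, List[str]] = {"modified": [], "added": [],
                                    "missing": [], "clean": []}
    for path, data in sorted(backup.items()):
        if path not in manifest:
            result["added"].append(path)
        elif sha256_hex(data) != manifest[path]:
            result["modified"].append(path)
        else:
            result["clean"].append(path)
    for path in sorted(manifest):
        if path not in backup:
            result["missing"].append(path)
    return result


def safe_to_restore(report: Dict[str, List[str]]) -> List[str]:
    """Only files whose hash matches the known-good manifest are restored;
    modified and added files are held back for inspection."""
    return list(report["clean"])


if __name__ == "__main__":
    manifest = build_manifest(KNOWN_GOOD_FILES)
    report = audit_backup(manifest, LATER_BACKUP_FILES)
    for category, paths in report.items():
        for p in paths:
            print(f"{category:9s} {p}")
    print("restore:", safe_to_restore(report))
```

    The point of the manifest is that it answers the question DesertRat says Micky could not: which backup is still clean. Without a hash taken before the incident, a backup that matches the current (possibly infected) disk proves nothing.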
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Not really.

    I wonder if Prevx would've helped him?
     
    Last edited: May 2, 2009
  10. Lovecraft

    Lovecraft Registered Member

    Joined:
    Mar 7, 2008
    Posts:
    13
  11. Jazz

    Jazz Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    37
    Location:
    London, UK
    '...I download the latest drivers and included this virus...'

    Begs the question: where did this individual download the drivers from? The manufacturer's website??
     