Home page logo

funsec logo funsec mailing list archives

A virus too big to fail?
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Mon, 22 Jul 2013 18:20:29 -0700

Once upon a time, many years ago, a school refused to take my advice (mediated 
through my brother) as to what to do about a very simple computer virus 
infection.  The infection in question was Stoned, which was a boot sector infector. 
 BSIs generally do not affect data, and (and this is the important point) are not 
eliminated by deleting files on the computer, and often not even by reformatting 
the hard disk.  (At the time there were at least a dozen simple utilities for 
removing Stoned, most of them free.)

The school decided to cleanse it's entire computer network by boxing it up, 
shipping it back to the store, and having the store reformat everything.  Which 
the store did.  The school lost it's entire database of student records, and all 
databases for the library.  Everything had to be re-entered.  By hand.

I've always thought this was the height of computer virus stupidity, and that the 
days when anyone would be so foolish were long gone.

I was wrong.  On both counts.




"In December 2011 the Economic Development Administration (an agency under 
the US Department of Commerce) was notified by the Department of Homeland 
Security that it had a malware infection spreading around its network.

"They isolated their department's hardware from other government networks, cut 
off employee email, hired an outside security contractor, and started 
systematically destroying $170,000 worth of computers, cameras, mice, etc."

The only reason they *stopped* destroying computer equipment and devices was 
because they ran out of money.  For the destruction process.

Malware is my field, and so I often sound like a bit of a nut, pointing out issues 
that most people consider minor.  However, malware, while now recognized as a 
threat, is a field that extremely few people, even in the information security field, 
study in any depth.  Most general security texts (and, believe me, I know almost 
all of them) touch on it only tangentially, and often provide advice that is long 
out of date.

With that sort of background, I can, unfortunately, see this sort of thing 
happening again.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Confidentially, your delusion that you are the only sane one and
everyone else is mad is correct, but they *are* in charge ...
                                    - Len Norris (editorial cartoon)
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]