Home page logo
/

funsec logo funsec mailing list archives

Re: A virus too big to fail?
From: "David Harley" <david.a.harley () gmail com>
Date: Tue, 23 Jul 2013 19:46:01 +0100

http://blog.isc2.org/isc2_blog/2013/07/of-mice-and-men.html

A little exercise in nostalgia.

-- 
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: 23 July 2013 02:20
To: funsec () linuxbox org
Subject: [funsec] A virus too big to fail?

Once upon a time, many years ago, a school refused to take my advice
(mediated through my brother) as to what to do about a very simple computer
virus infection.  The infection in question was Stoned, which was a boot
sector infector. 
 BSIs generally do not affect data, and (and this is the important point)
are not eliminated by deleting files on the computer, and often not even by
reformatting the hard disk.  (At the time there were at least a dozen simple
utilities for removing Stoned, most of them free.)

The school decided to cleanse it's entire computer network by boxing it up,
shipping it back to the store, and having the store reformat everything.
Which the store did.  The school lost it's entire database of student
records, and all databases for the library.  Everything had to be
re-entered.  By hand.

I've always thought this was the height of computer virus stupidity, and
that the days when anyone would be so foolish were long gone.

I was wrong.  On both counts.

http://gizmodo.com/government-destroys-170k-of-hardware-in-absurd-effort-
708412225

or

http://is.gd/NHkmo3

"In December 2011 the Economic Development Administration (an agency under
the US Department of Commerce) was notified by the Department of Homeland
Security that it had a malware infection spreading around its network.

"They isolated their department's hardware from other government networks,
cut off employee email, hired an outside security contractor, and started
systematically destroying $170,000 worth of computers, cameras, mice, etc."

The only reason they *stopped* destroying computer equipment and devices was
because they ran out of money.  For the destruction process.


Malware is my field, and so I often sound like a bit of a nut, pointing out
issues 
that most people consider minor.  However, malware, while now recognized as
a 
threat, is a field that extremely few people, even in the information
security field, 
study in any depth.  Most general security texts (and, believe me, I know
almost 
all of them) touch on it only tangentially, and often provide advice that is
long 
out of date.

With that sort of background, I can, unfortunately, see this sort of thing 
happening again.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Confidentially, your delusion that you are the only sane one and
everyone else is mad is correct, but they *are* in charge ...
                                    - Len Norris (editorial cartoon)
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault