Typical – the first recent virus that does damage to the users local files as opposed to just launching a DOS attack or act as a zombie (which the firewall would have prevented) and this is the one that the user gets infected with, AND with no backup of their data!
The cost to us was a days downtime whilst I had the users pc shipped to the office to work on, 5 hours of my time to hack the box to change the administrator password (as this was set by a previous company and I wasn’t bringing the machine online to change the password over the network!),run the av software check (which took about 3 hours to run), run adaware to remove the spyware (gator) on the machine and check for windows updates (remarkably uptodate!) I also had to run a complete network sweep which REALLY slowed everyone’s machine for about an hour – and all because updates were less than a day old and someone was daft enough to open a weirdly named attachment. In their defence the file did look a .txt file due to large amounts of spaces and changing the icon to look like a .txt file instead of a .exe file

Back in the office today after an extended 4 day visit to a customer (which was only scheduled for one day!) I decided to check that the NAV definitions were up to date (which they were) and to double check they would detect the Netsky.B virus. After waiting about 3 or 4 minutes for the list of virus’s that Norton detects (wouldn’t it be nice to have a search function?) to load I was able to confirm it did detect them. I then checked my mailbox and found a letter from Symantec, dated the 18th, which arrived this morning (20th) telling me about the virus. I thought the whole point of these Virus Bulletins was to give you a head start on possible infections, not notification two/three days after you read about it everywhere else and even the 4 year old from next door is asking your opinion on it (not really – hes more like 44 years old)

I’d come across the Stinger utility from Network Associates Inc. but didn’t know what it was. Apparently its a utility that will assist you in removing the latest virus’ from your computer – all in one .exe file. Although no substitute for av software it would make a good tool to have on a usb disk/floppy/cd to take to peoples machines when they ring up as they’ve been infected.

Interesting post from Netcraft on how Microsoft and SCO could be planning to sort out the Denial of Service likely to happen on Sunday when the latest virus starts to attack. Apparently last time round Microsoft used Akamai to split the load – but they use Linux so it wasn’t a good PR move to host Microsoft.com on a linux box – and how is SCO going to cope if they won’t use Linux either (after all they’d then have to sue themselves.

and you get a rapidly spreading virus – or so the news would have us believe. We’ve had one instance so far with the subject “Hi”, with an attachment of “kjywtjhgnbw.exe”. The body of the email contains Test =) lfcdlfaorget
–Test, yep. Now if you got an email like this would you click on the .exe file?

That virus alert I posted the other day has now been classified as w32.bugbros@mm which sounds more like a bug in a movie.

Looks like there’s a new microsoft virus doing the rounds. Similar to the previous alerts, this looks like a regular microsoft alert apart from the fact that it includes the “patch” itself and it comes from a weird microsoft email address.

We’ve now started to get alerts that Mimail infected emails are coming in. Fortunately we’re detecting and deleting the attachments but I’m hoping it doesn’t eat too much of our bandwidth up. In the meantime the status of the threats can be seen at Symantec Security Response. When will these infected people learn?

Looks like there might be a new virus doing the rounds as I’ve received several bounces where i’m the “reply to” field in the email. The body of the email contains different subjects, so far i’ve had “your password”, sophos virus removal tools, ie6 patch etc… The good news is that I think I know who got infected with this one.