[ISN] A screensaver that costs 100,000 dollars?

From: InfoSec News (isn@private)
Date: Thu Mar 24 2005 - 01:44:27 PST


http://www.net4nowt.com/isp_news/news_article.asp?News_ID=2789

23 March 2005
United Kingdom
By Net 4 Nowt

Hardly seems possible, but they do exist, and they're all free.

Computer Networking and Support company AnswersThatWork.com were
recently called urgently on a Monday morning by one of their clients,
a large international law firm with offices in several countries, who
were suffering from a number of serious network problems ranging from
constant disconnections and Internet Access problems to a total
inability to logon to their network.

Since AnswersThatWork had only just completed a major weekend upgrade
of their communications infrastructure, AnswersThatWork's first
thought was that despite all the dry runs and thorough checks, there
was probably something in the weekend upgrade which, in a Live
situation, and with all users connected, was creating a major
communications bottleneck. So, when called upon in emergency, their
first task was to re-run all the weekend tests. This took the best
part of a day given the scale of work that had been done. The task was
also made that much more difficult by the random nature of these
network communications problems. Meanwhile no-one was able to use the
network productively because of the problems.

When the tests on the weekend upgrades were found to be working
properly, the question remained as to why the network was still,
effectively, unusable.

When the focus of their investigations moved away from the weekend's
upgrades, some of the network tests started to point to specific PCs
on the network. On checking the PCs in question it became instantly
clear that they were infected with a new unknown virus! Instant
emergency meeting. After consultation with the in-house IT support
team it was decided that the only way to thoroughly clean the system
of this paralysing threat was to shut down the entire network and
clean every single PC one by one with AnswersThatWork's
troubleshooting tools. This took four hours. Meanwhile no one could
access the network.

What eventually transpired during the process of cleaning the network,
was that on that morning a user had received an email about a "great
place for free screensavers". That user had clicked on the link and
downloaded what looked like a very cool screensaver. The user then
forwarded the email to a number of other users who also downloaded the
same funky screensaver. By mid-morning 16 PCs had the new "brilliant"  
screensaver installed, with more users about to install it! However,
unbeknown to those users, on installation the screensaver was
releasing a brand new virus as yet unknown by the major antivirus
companies. This virus belonged to a new trend of viruses which perform
DoS attacks (Denial of Service) in short bursts only (to escape easy
detection) with the result that you can have a network which works
perfectly for an hour or more but which then suffers untold disruption
for a 5 15 minute period, only to again work properly until the next
random attack.

The upshot? A full day's worth of billable time was lost by all the
fee earners of this law practice; two days of in-house PC support were
used up, plus two days of AnswersThatWork's time, involving two
technicians. Costs, as per the internal memo sent by the firm's
partners: a cool $100,000.

This happened in a firm that, because of it's very nature, only
employs very bright, highly educated people. They have a company
policy which prohibits anything being loaded onto end-users PCs
without permission from the IT department, and which carries strong,
well-worded advice about Internet usage. It still happened.

As AnswersThatWork's Product Manager, Maurice McElroy, said, "These
are sensible people who wouldn't cross the road without looking to see
if any cars were coming; wouldn't think of walking down a dark
alleyway on their way home, and would definitely not walk into an
unknown bar offering to take on anyone in the house. Yet, once they
get on the Internet they do all that and more!"

He went on to say that if a company has an Internet usage policy then
it must make sure that the policy is implemented, revised at least
twice a year, and employees reminded of the main do's and dont's in
regular internal bulletins.

"In 2005", Maurice continued," there are very few companies and
organizations where full Internet access is not needed. I'd go even
further in saying that lack of full Internet access is a serious
commercial disadvantage in today's business world. So you've got to
have the Internet. However, you do need to be careful out there. It's
like our road system - drive a car with no driving lessons at all and
where you end up is unlikely to be where you intended to be, it may
not even be on this planet ! Take the driving lessons, follow the
guidelines, and you'll be safe most of the time. That's the
Internet!".



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Thu Mar 24 2005 - 03:50:57 PST