http://www.net4nowt.com/isp_news/news_article.asp?News_ID=2789 23 March 2005 United Kingdom By Net 4 Nowt Hardly seems possible, but they do exist, and they're all free. Computer Networking and Support company AnswersThatWork.com were recently called urgently on a Monday morning by one of their clients, a large international law firm with offices in several countries, who were suffering from a number of serious network problems ranging from constant disconnections and Internet Access problems to a total inability to logon to their network. Since AnswersThatWork had only just completed a major weekend upgrade of their communications infrastructure, AnswersThatWork's first thought was that despite all the dry runs and thorough checks, there was probably something in the weekend upgrade which, in a Live situation, and with all users connected, was creating a major communications bottleneck. So, when called upon in emergency, their first task was to re-run all the weekend tests. This took the best part of a day given the scale of work that had been done. The task was also made that much more difficult by the random nature of these network communications problems. Meanwhile no-one was able to use the network productively because of the problems. When the tests on the weekend upgrades were found to be working properly, the question remained as to why the network was still, effectively, unusable. When the focus of their investigations moved away from the weekend's upgrades, some of the network tests started to point to specific PCs on the network. On checking the PCs in question it became instantly clear that they were infected with a new unknown virus! Instant emergency meeting. After consultation with the in-house IT support team it was decided that the only way to thoroughly clean the system of this paralysing threat was to shut down the entire network and clean every single PC one by one with AnswersThatWork's troubleshooting tools. This took four hours. Meanwhile no one could access the network. What eventually transpired during the process of cleaning the network, was that on that morning a user had received an email about a "great place for free screensavers". That user had clicked on the link and downloaded what looked like a very cool screensaver. The user then forwarded the email to a number of other users who also downloaded the same funky screensaver. By mid-morning 16 PCs had the new "brilliant" screensaver installed, with more users about to install it! However, unbeknown to those users, on installation the screensaver was releasing a brand new virus as yet unknown by the major antivirus companies. This virus belonged to a new trend of viruses which perform DoS attacks (Denial of Service) in short bursts only (to escape easy detection) with the result that you can have a network which works perfectly for an hour or more but which then suffers untold disruption for a 5 15 minute period, only to again work properly until the next random attack. The upshot? A full day's worth of billable time was lost by all the fee earners of this law practice; two days of in-house PC support were used up, plus two days of AnswersThatWork's time, involving two technicians. Costs, as per the internal memo sent by the firm's partners: a cool $100,000. This happened in a firm that, because of it's very nature, only employs very bright, highly educated people. They have a company policy which prohibits anything being loaded onto end-users PCs without permission from the IT department, and which carries strong, well-worded advice about Internet usage. It still happened. As AnswersThatWork's Product Manager, Maurice McElroy, said, "These are sensible people who wouldn't cross the road without looking to see if any cars were coming; wouldn't think of walking down a dark alleyway on their way home, and would definitely not walk into an unknown bar offering to take on anyone in the house. Yet, once they get on the Internet they do all that and more!" He went on to say that if a company has an Internet usage policy then it must make sure that the policy is implemented, revised at least twice a year, and employees reminded of the main do's and dont's in regular internal bulletins. "In 2005", Maurice continued," there are very few companies and organizations where full Internet access is not needed. I'd go even further in saying that lack of full Internet access is a serious commercial disadvantage in today's business world. So you've got to have the Internet. However, you do need to be careful out there. It's like our road system - drive a car with no driving lessons at all and where you end up is unlikely to be where you intended to be, it may not even be on this planet ! Take the driving lessons, follow the guidelines, and you'll be safe most of the time. That's the Internet!". _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Thu Mar 24 2005 - 03:50:57 PST