Reported Infections and Local Trends.


Here is where you can report infections and see reports of local trends in virus infections in the Lawton/Ft. Sill, OK area. I will shortly be adding national and international coverage as I receive input. To encourage accurate reporting, actual locations of infections will be kept confidential unless the infected location desires otherwise. However, general information will be reported, such as the type and extent of the infection, and whether certain software failed to find it.

Local trends will be reported as such. This will include the type of virus, the number of systems infected or whether it was an isolated incident, the cause of infection if known, etc.

If you think something else should also be covered let me know.


Longstanding Trend(s)


There is one longstanding trend in the area. It has been pervasive for over 5 years and continues unabated. Roughly 90%+ of all virus infections in the area are a result of the sneaker net. These are the boot sector infecting (BSR/BSI) viruses. I call it the sneaker net because it's the result of passing on diskettes for whatever reason and never checking them!


Some of you are familiar with these viruses. In this area, it seems Stoned, Michelangelo, and Monkey are the most common. The problem is that the sneaker net is the ONLY* way to get them. You need to start practicing Safe Hex by checking all disks foreign to your computer. Additionally, because of gross misinformation, too many people are losing their data due to incorrect recovery attempts.


*Exception: unless you're hit with a Dropper, and no one has been!

Related to this trend: EVERYONE who has lost data from these viruses after getting someone else's help needs to know they lost it for no reason!! Unless a virus with a payload has activated, you can make a 100% recovery with no loss of data in ALL cases. That's right... The simple test is this: if you can detect the virus and all your data is intact, 100% recovery is possible if done correctly. Please see Common Myths Dispelled for more info.
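The point above (a detected boot sector virus with intact data is fully recoverable) follows from where these viruses live: a boot sector infector commonly replaces the boot code in the first sector, while the partition table and the files on the disk are left alone. The following is an added example, not code from this page: a small Python script that checks a 512-byte boot sector against a known-clean baseline in the spirit of "Safe Hex", and puts the clean boot code back while leaving the partition table untouched. The sector images and the "baseline" hash are constructed for the demo (no real boot code and no real virus sample); the byte layout it relies on (boot code in bytes 0-445, four 16-byte partition entries from byte 446, 0x55AA signature at bytes 510-511) is the standard MBR layout.

```python
"""Boot-sector integrity check and boot-code restore (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# CONSTRUCTED demo data: not real boot code and not a real virus sample.
CLEAN_BOOT_CODE = b"\xEB\x3C\x90" + b"DEMOBOOT" + bytes(BOOT_CODE_LEN - 11)
ALTERED_BOOT_CODE = b"\xEB\x3C\x90" + b"ALTERED!" + bytes(BOOT_CODE_LEN - 11)
DEMO_PARTITIONS = [(0x80, 0x06, 63, 2048000)]  # one bootable FAT16 partition

# In practice this hash is recorded from a disk known to be clean.
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()


def build_sector(boot_code, partitions):
    """Assemble a 512-byte MBR-style sector from boot code and partition entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, start_lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start_lba, count)
    sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


def parse_partitions(sector):
    """Return (status, type, start_lba, count) for the four primary entries."""
    entries = []
    for i in range(4):
        status, _, ptype, _, start_lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        entries.append((status, ptype, start_lba, count))
    return entries


def check_sector(sector, baseline_sha256):
    """Compare a sector's boot code with a known-clean baseline hash.

    The partition table is returned separately so the caller can see that the
    data layout is still intact even when the boot code has been replaced.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xAA",
        "boot_code_clean": boot_hash == baseline_sha256,
        "partitions": parse_partitions(sector),
    }


def restore_boot_code(sector, clean_boot_code):
    """Write the known-clean boot code back; partition table and signature untouched."""
    restored = bytearray(sector)
    restored[:BOOT_CODE_LEN] = clean_boot_code.ljust(BOOT_CODE_LEN, b"\0")
    return bytes(restored)


def run_demo():
    """Check a clean sector, a sector with altered boot code, and the restored one."""
    clean = build_sector(CLEAN_BOOT_CODE, DEMO_PARTITIONS)
    altered = build_sector(ALTERED_BOOT_CODE, DEMO_PARTITIONS)
    restored = restore_boot_code(altered, CLEAN_BOOT_CODE)
    return (check_sector(clean, BASELINE_SHA256),
            check_sector(altered, BASELINE_SHA256),
            check_sector(restored, BASELINE_SHA256))


if __name__ == "__main__":
    for label, result in zip(("clean", "altered", "restored"), run_demo()):
        print(label, "signature_ok=%s boot_code_clean=%s partitions=%s"
              % (result["signature_ok"], result["boot_code_clean"], result["partitions"][0]))
```

Run it and the "altered" sector shows the boot code hash no longer matching while the partition entry is identical to the clean one; after the restore the check passes again without any partition or file data having been touched. On a real machine the baseline hash would come from the vendor's or OS's clean boot sector, and the only sector written back is the one whose hash failed.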


Reporting an Infection


I hope to better automate this process, but for now, send e-mail to wdirks@sirinet.net. In the message, give the 5 W's and H (who, what, when, where, why and how) along with the software that found it and the software that missed it. If there were any special circumstances, please mention these also. This includes, but is not limited to, whether it bypassed any AV software, whether it came from a shrink-wrapped product or an Internet site, any damage, etc.


Thanks in advance for your cooperation. Once I start receiving enough reports that decent statistics can be formulated, you'll find them here also.


Recent Trend(s)


There are two recent trends that I'm finding rather disturbing. People are not keeping their scanners up to date. That in itself is normal, but in the past a scanner was maybe one version old or similar, not seriously outdated! The other is the apparent apathy applied towards macro viruses, along with a lack of honesty by infected businesses. This is leading to some rather serious problems. A case in point:

I was recently contacted. It was so a person could get current versions of their scanners along with any updates. This was because they were using an outdated scanner and trying to use it to remove macro viruses that were originally found almost two years ago. A scanner even a year old would have helped, but it wasn't available *(. I was also quickly told of the problem, and the solution seemed straightforward at first.

The next day I'm updated on the situation. More of the truth came out, or I should say that it all did. They had a serious problem that they didn't take seriously until it could no longer be ignored. In other words, they were way in over their heads. Potentially every PC in an organization with 15,000+ PCs was already, or eventually soon to become, infected. As it was, they were losing about 15 PCs a day to the point they were no longer bootable or usable without reinstalling all OS software. This was because not one, but at least two common in-the-wild viruses were loose on the network. I offered to troubleshoot the real problem and prescribe an easy solution that they could implement themselves. To date, they have not asked for any more help nor replied to any of my e-mails. One mail was spelling out the problem and asking them to confirm it so I could give proper instructions to clean things up. The other was a quick and dirty info sheet on how to clean systems individually, asking for confirmation that it helped.

I don't know about you, but this seems rather poor on their part. No acknowledgement, nothing. I did hear from another source that the original instructions were not working. However, this was because they were not following them. Maybe they decided to start following them.


Ver 1.0 Rev 2.5 3Jan98