
About

I am The Cyberwolfe and these are my ramblings. All original content is protected under a Creative Commons license - always ask first.

Something stinks in Denmark

Okay, maybe not quite Denmark, but the client in question is out in Sandy, which sometimes feels that far away.

Got a call last week that one of the terminals at a client’s business had managed to get a virus. Considering the presence of a masterfully tuned installation of SAV10, this was a rare feat indeed for the virus sender.

One look at the screen said it all: the culprit was one of many variants that turns the affected host into a spam relay – as evidenced by the no less than 37 email scans in constant process. Logs revealed a multitude of random email addresses and bogus subject lines. Oh – and the damn thing spreads itself via file sharing protocols across a network.

Nuh-uh. Nobody turns my systems into a botnet!
>click< as the network card is disabled. SAV quick scan...target acquired. Download removal tool from Symantec, follow simple instructions... >beep< The light is green, the trap is clean.

Turns out only the one system was compromised, and it had to be by inadvertent user assistance. (The poor sod clicked on something somewhere...) The beauty part is the only folder available via file-sharing at the time was the data folder that is only accessed by an ancient DOS database - and DOS is too stupid to know what to do with this bit of virus code.

In other DOS fun, I was suckered into responding to a post on Craigslist from someone having trouble re-formatting a disk for an XP install. They are currently running into just about every problem they can have. It sounds like the whole thing started with a mildly corrupt MBR that hosed the install process - not a big deal. Turns out there is an undocumented feature of fdisk for erasing and re-writing the master boot record of the drive, and that should fix their problem.

Only they don't have a boot disk. Ok, send 'em a link to bootdisks.com...oh, they don't have a floppy drive. Ok, quick tutorial on making a boot CD with the proper tools... Now I'm waiting for the email that says they don't have a CD burner available to them. That's when they hear about my fee structure.
