Celebrating ten years of watching my back

♫ It was ten years ago today, Monkey.B taught the Wolf to play. We’ve been going in and out of style. But we’re guaranteed to raise a smile… ♫

Ten years ago, my company’s — and our client’s — computers were infected with the Monkey.B virus. I suppose you could say it was my first incident response experience. It took us a little over three weeks to clean the mess up. The incident sparked in me the desire to a) learn as much as I could about malware; b) learn as much as I could about computer security; and c) never again let this happen to a client. From that day on, I have considered security a functional requirement of every project. It was a tough lesson.

But, it set me on the right path, so thank you Sgt. Pepper.

jwg

 

A couple tokens from the situation …

Newsgroups: comp.virus
From: Wolfgang A Goerlich
Date: 1997/04/08
Subject: Unknown boot virus (PC)

I’m at my wits’ end with this one. On accessing the a: drive, characters of both the file names and the files themselves are randomly replaced. I run McAfee, and it reported no virus activity. I then replaced the floppy, yet the corruption of files continued. I was also having problems with Win95, so I attempted to reinstall it from the CD-ROM. However, it got past the initial hardware scan, then reported a boot virus and locked up. So I borrowed a copy of Dr Solomons, but it also reported no viruses. Finally, in desperation, I reformatted the drive. Only now, the format command reports there is a virus, and quits. Also, the same floppy drive corruption continues. Anyone have any ideas of what I could try next? I even replaced the hard drive, but my other one was also infected.

 

Newsgroups: comp.virus
From: Wolfgang A Goerlich
Date: 1997/04/17
Subject: Unknown Boot Virus – Last Words (PC)

> I’m not sure as to what your a: drive is doing, but as for your boot
> sector “virus”, go and turn off boot sector virus checking in your BIOS.
> That will solve your hard drive problems anyway…

Thank you. It turned out that we did have an undetectable boot virus (which we removed using F-Prot). However, the BIOS virus checking was still giving us errors. After reading this, we turned it off and everything has been running smoothly since.