plonq: (Jolly Mood)
[personal profile] plonq
... I bought one of those 1G USB memory sticks on the weekend.  The second thing I did with it (once I'd used it to help get [livejournal.com profile] atara's computer upgraded) was load it up with a buttload of music.  It's nice to be able to listen to MP3s at work without contending with a CD ROM drive that sounds like a jet turbine spinning up.

Speaking of contending with things at work, either one of our staff, or one of our clients appears to have been hit by a virus/trojan.  I'll normally see one, maybe two pieces of external Spam show up in my inbox in a typical month, but in the last two days I've had 31 messages come in, each from a different address, and all of them in German.  Some sample subject lines:

"Volk wird nur zum zahlen gebraucht!"
"Graeberschaendung auf bundesdeutsche Anordnung"
"Paranoider Deutschenmoerder kommt in Psychiatrie"
"S.O.S. Kiez! Polizei schlaegt Alarm"

I have got a couple of (presumably faked) bounced emails, suggesting that my machine had attempted to send out a few bazillion messages.  I'll do a full system scan this morning to be safe.  For the moment I'm keeping all the email rather than deleting it outright because I'm curious to see how many I end up seeing before they manage to shut off the tap.

Date: 2005-05-16 03:46 pm (UTC)
From: [identity profile] kfops.livejournal.com
Funny that...! My work account is generally spam-free, but this morning I had four pieces of German junk-mail in my inbox.

I s'pose it slips by all the filters based on English content?

Date: 2005-05-16 04:12 pm (UTC)
From: [identity profile] plonq.livejournal.com
A combination of that, and a couple of infected machines inside the corporate firewall. We have some mouthbreathers who actually clicked on the link inside the message. =/

Date: 2005-05-17 06:05 pm (UTC)
From: [identity profile] anthony-lion.livejournal.com
Clicked the link?

And it allowed the virus/worm to install?

The last virus to do ANYTHING at all at our network (5000+ PCs) was Blaster, and it only infected 3 PCs, of which two were laptops. (And one of those was assumed to be the culprit)

We have a couple of rules:

1. No ordinary user has admin privileges on his PC.
2. All PCs run Trend Antivirus. (updated daily)
3. The email gateway runs another antivirus package (I have no idea which one)
4. ALL .EXE .COM .BAT .CMD .PIF files are blocked in the Mail GW. And so are all files which have 'double lastnames' like .txt.exe.
5. Any PC on which the user has admin privileges, or otherwise extended rights, that gets infected is reinstalled from scratch. (Using Zakadmin toolkit)
6. Word and Excel are set up to NOT run any macros that have not been approved.
7. I have ultimate ownership of the local network and will come down like a ton of bricks on anyone connecting unauthorized equipment to it. (Like a consultant's Laptop, a Wireless access point or just about anything else)
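
A sketch of how rule 4 above could be checked at a mail gateway, added here as an illustration and not part of the comment or of any product it mentions. The function names and the DECOY list of "harmless-looking" first extensions are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in rule 4 of the comment above.
BLOCKED = {"exe", "com", "bat", "cmd", "pif"}
# Assumption: first "last names" that make a double extension look like a document.
DECOY = {"txt", "doc", "xls", "pdf", "jpg", "gif", "htm", "html"}

def verdict(filename):
    """Return the reason an attachment name is blocked, or None if it passes."""
    # Drop any path component a client may have included.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as "a.exe".
    name = name.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    # 'Double last name': a document-looking extension followed by another one.
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double extension ." + parts[-2] + "." + parts[-1]
    if len(parts) >= 2 and parts[-1] in BLOCKED:
        return "blocked extension ." + parts[-1]
    return None

def scan(raw_bytes):
    """Parse a raw message and return (filename, reason) for each blocked part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() decodes RFC 2231/2047 names and falls back to the
        # Content-Type "name" parameter when Content-Disposition has none.
        fn = part.get_filename()
        reason = verdict(fn) if fn else None
        if reason:
            hits.append((fn, reason))
    return hits

def build_sample():
    """Constructed test message with one clean and two blocked attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed test message"
    m.set_content("body")
    for fn in ("minutes.txt", "notes.txt.exe", "SETUP.PIF"):
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, reason in scan(build_sample()):
        print(fn, "->", reason)
```

A name-based check like this only covers rule 4; it sits alongside the gateway antivirus scan in rule 3, since renaming a file changes its extension but not its content.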

Date: 2005-05-16 04:11 pm (UTC)
From: [identity profile] dronon.livejournal.com
All in German? I saw this mentioned in another person's journal - it's the Sober.q virus or worm (?) - (link)

Date: 2005-05-16 04:16 pm (UTC)
From: [identity profile] plonq.livejournal.com
Very likely, or a related worm. They mutate so fast these days that it's hard to keep track of what letter they are up to.

This one spreads by apparently preying on people who are a) dumb enough to be running IE, and b) dumb enough to click on the attached link. It's a self-infecting worm that's one step removed from that alleged "Newfie Virus" (which is just an email that says, "Please forward this email to all of your friends and then delete the contents of your hard disk. Thanks.").

Date: 2005-05-17 02:50 am (UTC)
From: [identity profile] tamarik.livejournal.com
Hmm, this one seems to be bouncing around the exchange server at my work, too. One guy had gotten hit with over 100 messages. I didn't get any. I felt a little slighted. :(

Our IT guys were on top of it pretty quick.
