Deliberate virus infection

Status
Not open for further replies.
Oct 18, 2001
846
CA
What would you do if a fellow "professional" (cough choke)
deliberately infected your network with a virus to prove a point? (Sent through file transfer.)
If the virus of choice was executed on the PC due to trust of the person sending it to you, and it was an email virus that destroyed your credibility with your clients, sending them the virus?

This actually happened, and I am curious to know how members would handle this....any action they would take or not, or just put it down to a "got me" and forget it....learn from it.

I am eagerly awaiting points of view.

Kimber

Members of Tek-Tips provide answers to questions based on the information given. For the best answers, post detailed descriptions of the issue. Use the search features of the site to see if your issue was already addressed in another thread.
 
Are you talking about a work colleague or someone who works in another organisation?
 
Formerly a work colleague....at time of incident working in separate orgs....he was proving he could circumvent the other's virus protection.

That makes a difference?
 
Well, I was just thinking if you worked in the same place you always have the option of instigating internal procedures. A slap on the wrist might sort it out. If it's an external person then it could be harder to get their manager to take notice - it may well be a legal issue as what's been done sounds a bit like sabotage or industrial espionage. Are you good friends with the person? Maybe the threat of taking action might calm them down a bit....
 
Under no circumstances would I take it as a "got me" and forget it. As a minimum, this person would be terminated for cause. At a maximum, you could press charges for criminal behavior to include industrial sabotage (yes, TomKane, it most certainly is), and on the civil side, there is the aspect of quantifying the amount of damage done with respect to credibility, and of course, the cost of recovery.

It makes no difference that he was proving a point. His/Her actions were illegal and resulted in damage. Why a crime is committed does not change the fact that the crime was committed, nor does it lessen the cost of damage recovery. However, I will allow for intent to mitigate the decision to pursue criminal prosecution.

Under no circumstances would I simply try to deal with this quietly or as a slap on the wrist. Cannot set that precedent, because that sends the message that you can do it once, if you have a good reason for doing so. Not in my shop. Nor, would I put myself, or anyone on my staff, in the position of having to defend themselves for the 2nd time this happens with any client who now has absolutely no faith in me because I failed to properly deal with the 1st offense. Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Yeah, Like TomKane said if the person worked for you, you could actually fire them, whereas if they did not you don't have this option.

It makes no difference in how ethical the person is - clearly he is not very ethical - but the difference is your options of how to deal with it.

Software Sales, Training, Implementation and Support for Exact Macola, eSynergy, and Crystal Reports
dgilsdorf@trianglepartners.com
 
Criminal behavior should result in criminal charges. Contact the police to see if they have a white collar crime unit that handles this type of case. Or FBI.
If it was done from home, the supposed professional is liable, if from work then employer is possibly liable, and has good reason for terminating.

Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
If this guy wanted to "prove a point" it could easily have been done without actually sending a "live virus" - all he needed to do is execute a popup saying "Your security has been breached; please be assured this program will not replicate or cause any further interference. You can remove it by doing....."

Kimber - your actions are going to be dictated by the relationship you have with this "professional". You are well within your rights (legally, morally and ethically) to press criminal charges, or you can sweep it under the table if you wish.
Basically, you have to consider what's going to be best for you and your company - will taking a particular action risk a contract, or will not taking action do worse damage to your credibility?

<marc>
help us help!
  • please give us feedback on what works / doesn't
  • not sure where to start? click here: faq581-3339
 
KimberTech:
Let's call the ignoramus in question, "Fred".

Fred's actions indicate to me a complete disregard on his part for the consequences of his own actions, either willfully or through ignorance. In either case, I think an object lesson for Fred is in order.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Is it OK to walk into a maternity unit and steal a baby to prove they have bad security?

At the very least this character should have told you your system was insecure, and then warned you they intended to prove it by sending you this message etc. etc.
Anybody with anything between the ears could have understood that. There's definitely an element of proving-he-could-do-it here, which is one of the motivating factors of bad-attitude virus people.

Right, I'm off to burgle someone just to prove the police aren't up to scratch...
(not really)
 
First of all do not file this away as a "got me" and forget it.
Secondly, do not drop to this person's level. What Manarth said about your relationship with this "Professional" is dead on. Back up all the evidence that you have. I personally would contact the other person's employer (if it was sent from their work) and present all the evidence that you have. If they are unwilling to do anything, then I would contact the authorities.
Next I would offer to repair any damage done to customers at your cost.
Finally, you need to review your own security. The only way you should be able to open a virus is if you know it is a virus and you want to open it.
 
This was unacceptable behaviour, especially for a professional! Use the chain of command. Inform your supervisor/manager/CEO that "Fred" wanted to prove a point and infected the network. This can be done anonymously if you desire. Let management decide how to proceed.
(select * from life where brain is not null)
Consultant/Custom Forms & PL/SQL - Oracle 8.1.7 - Windows 2000
 
Thanks for the posts guys.
I DID repair all of the customer relations with my clients, except one, the local Police Dept.
They were not infected, none of them, as I had more than adequate protection and reminded them that I have a SPECIFIC procedure that I use if I am sending them an attachment, something in the subject line. They actually listened thankfully...and those that didn't had up to date AV and I had set it to update often.

The person didn't prove that I had inadequate protection, just that he could use the fact that I trusted him as a professional to get past my defenses.

He is MCSE...I reported him.
He was employed, and the mail server at work was where he got the virus in the first place.
I reported him to them as well...to HR and to any email addresses I could find.
I didn't pursue any criminal charges, but I sure think there should be some type of better business bureau or agency for reporting childish morons like him.

This happened quite a while ago.....I have made sure that all of my corporate clients know exactly who perpetrated the stunt, and he has lost credibility in this area...but he works elsewhere in the province.

What bugs me is that some of my clients still remember it, and while reviewing my network for upgrades and planning a new deployment I have been thinking about it a lot.
Wondering if I handled it correctly.
If I should have handled it differently.
I sure gave him a piece of my mind~!!
 
Kimbertech,

The person didn't prove that I had inadequate protection, just that he could use the fact that I trusted him as a professional to get past my defenses.


I'm just being devil's advocate for a second here. What if somebody you trusted as a professional had accidentally sent you a virus? The fact is your protection was inadequate. If it was adequate, the email would have never gotten to you or would have been flagged as a virus when you received it. It seems like you did a better job of protecting your clients than you did yourself.

Don't misunderstand what I'm saying, The guy sent you a virus intentionally and should lose credibility and probably should have been brought up on criminal charges. Hopefully you learned a valuable lesson from all this.
 
IT was NOT an email..read my post..he sent it through file transfer, and I executed it because he fooled me.
Shame on me....defenses are fine.
 
Kimber,
no matter how you received the file, the fact that your computer was infected indicates your defenses are not fine. TRUST shouldn't play any role in your defenses. What would happen today, if a person that you trusted had unknowingly transferred you a file with a virus? If you haven't looked into ways to prevent this from happening again, it will happen again!
 
To execute the file that was sent to me, I had to enable scripting.
I also had to take that he wrote it at face value.

I virus scanned it, but it came up clean. Apparently I had missed the update by minutes only...as it was a new virus that hadn't come up in the previous update.

I did learn something...trust absolutely nobody, and set up a bench system for opening anything from any source.....trusted or not. I knew him personally...and had a technical and trust relationship with him.

Nothing is foolproof....no software or hardware..because they are always coming up with ways to circumvent your defenses....and new undetected virus programs.

I normally do not execute anything that is even suspect, whether I know the source or not.

Furthermore, your posts are off topic.

I do not need a lesson in how to protect my network...I asked for opinions on what to do with people like this twerp.
It happened a long time ago...and in all the years I have been doing this it is the one and only time I was caught out.

Kimber

 
Kimber:

the support
your protection was adequate and sensible - there are ALWAYS new viruses coming out; there is a limit to the degree of protection you can give yourself. Someone is almost ALWAYS infected before preventative measures are taken.

Is it ever enough?
You trusted someone (from outside your organisation) enough to execute their script. If the user were internal, then you would have been too late anyway (the virus would already have been on the system); as it is, you've learned to set up private "bench test" systems to use with people outside the organisation.

QUESTION: If you never knew how you received the virus, would you have stressed? After all, you took appropriate AV steps - as it happens, it being a new virus, it evaded the AV. Hardly your fault.

As a final point, I never "trust" any file sent to me - the "melissa" and "love bug" virii relied on trust to get the recipient to execute an attachment - of course, the sender wasn't even aware of the email he supposedly sent.

Having said that, you've already instigated virus scanning - the only further step I can imagine is quarantining ALL scripts / attachments / programs for 24 hours (or sufficient time for your virus tables to update) so any virus detection program has enough time to learn about new virii BEFORE the user is allowed to execute the suspect script.

Can you afford to wait more than 24hours to respond to ANY email? Exactly - so you did good.

 
Hey,

Lots of good posts, nice to know what to do in a situation like that. Like Kimber said, it was a file transfer, not email - so what Marc said was slightly off point, but certainly not irrelevant.
Another way of preventing viruses is using a top notch ISP. I apologise if this is breaching any of the Tek Tips rules but it's from personal experience. Nobody can have 100% AV protection, but MessageLabs have been a lifesaver. No quarantining times or worrying that you're not updating your DAT files every 10 mins to keep up to date. I highly recommend them. I don't know if you can use them directly, but we use it via our ISP. As stated at the bottom of all the Tek Tips pages, Promoting/Selling is not allowed (that's why I was reluctant to mention MessageLabs) but if you want to know of the ISP we use (and I cannot recommend them enough!) email me. steve@timbertradinguk.com.


Steve Hewitt
Systems Manager
 
Marc,

Thanks for the encouragement...and in answer to your question, no I doubt I would have stressed much about it.
Breach of trust and professionalism and a valuable lesson though.

Always looking for a better way...
Kimber

 