Archive for the 'Computers' Category

Are we having fun yet? Backdoor Trojan :-P

October 8, 2009

It was a quiet Sunday afternoon. I was at home working on some financial stuff on my home computer. I was waiting for my daughter to call from Scotland (she lives there). The phone rang – oh good, Alana is calling – but wait – the caller ID says it is the home phone of our operations manager at the County where I work. This can’t be good; we are not social friends. I debate – should I answer it? I figure I should, so I answer, and he tells me we have about fifty computers infected with a virus and two of his employees are in operations trying to find out what they can do to stop it – besides the fifty desktop PCs, most of the 80-plus servers are infected. While talking to him, the phone beeped – it was my daughter.

I got to talk to Alana for about fifteen minutes and then headed to the GSC where I work. When I got there Dan and Keith were working on cleaning the servers, but it was not working too well. We use Symantec Enterprise for all our protection and it was finding two of the listed bad guys, but when they were removed they came right back. We tried some other products and found one that identified Qbot as the real culprit; that tool removed it too, but it returned a while later.

Keith worked with engineers at Symantec, and after about two hours I realized that I could not do much, as until we had a fix from Symantec we were stalled in the water. I discussed shutting off various links to networks we knew were infected, but because our server farm had been infected – well, it would not make much difference, except that emergency services and other important things would be down. The Trojan did not seem to do damage to the systems, as it was more for gathering information, not havoc.

I went home and tried not to think about Monday morning. Keith had some success with the engineers – they isolated the biggest problem and sent rapid releases to fix it. Like many things we should do and don’t, we had never upgraded all our computers to the newest version of Symantec – that was a big mistake I will take some blame for. Many of our older computers were not capable of running version 10 and we assumed that they would not be able to run version 11 (the current version) – the fact is that 11 takes fewer resources than 10. All the versions we had were pretty much able to stop the spread of the bad guy, but it still took time. As anyone who works around a large network in many locations with different speed connections can tell you – time is not on your side. The Trojan moved faster than our updates to the software, and because of that most of our 1900 computers had the Qbot on them. By noon on Monday we had it pretty much contained and it was not spreading (well, when all the machines have it that happens too!)

It is now Thursday and we are just able to tell people in finance that they should be safe to log into on-line accounts. We are 99% sure our out-bound protection kept the Trojan from “calling home” with data from users, but we are recommending they change passwords and monitor anything they may have accessed from their desktop PC.

Almost all of the stuff we sent to the engineers at Symantec was new and the first time submitted – lucky us!!!

It looks like a few weeks of vigil to clean any little hot-spots that remain – by today all our computers (that we can access) should be up to date.

I was running Windows 7 (we get it early) and while the Trojan was delivered, it would not run; it did send the Trojan to Microsoft under WER (Windows Error Reporting) because all 14 of the exe files crashed when W7 tried to run them – I guess they were not certified by Microsoft – I hope they don’t fix them so they run!

It has been a while since I posted – heart and Apple(tm)

May 19, 2009

Good morning world! As the title says, I have been lax in posting here and have decided to correct that.

First, the heart. As you may remember, about three years ago I had two stents placed in my heart, lost some weight, went through a cardiac rehab program and have been pretty good in that area. Last Friday (the 15th) I started feeling the same chest tightness I felt three years ago. I also had the same feeling of impending doom or dread. I was just sitting at my desk, so I waited a few minutes and it did not get better. I carry Nitro (old stock) and placed one under my tongue. They are over six months old, so it dissolved very fast with only a small amount of “bite.” I waited about four minutes and took another one – I started to notice a reduction of the pressure and a headache – the less pressure in the chest told me the Nitro was doing something, and the headache is a side effect of the drug.

I called my wife and she drove me to the urgent care – they in turn sent me to emergency (across the skywalk) and there they assumed that I must be having some kind of heart problem. I got the IV, blood thinners etc. The ER heart doc on call saw me and said my blood looked good and the EKG was fine, but the choice again (just like three years ago) was: stay in the hospital over the weekend, or we can get you into the Cath Lab for an angiogram today and you should be out tomorrow one way or another. I don’t like hospitals so I said “let’s do the angiogram.”

It is amazing how simple that seems to be; they don’t even make me remove my hearing aid or glasses. They help you onto the big flat (cold) table and it appears you are awake the whole time (this time it was only about thirty minutes because they found everything in my heart looked great!). For that I am happy! No blockage, and the previous stents are just fine.

I got back to the recovery room and I was expecting a clamp on the groin thing. No, now they just slap a bandage with a sponge under it over the hole in my aorta and tell me to hold pressure on it for a half hour or so. They tell me to release and they look at it and tell me it is fine. Okay, they move me to my room in the heart intensive care unit (just in case I have a problem) and I spend the next four hours flat on my back. Around 8:30 pm they let me raise the bed a bit so I can eat a sandwich, and I am munching away thinking this is not bad when I felt a spray of liquid against my leg. I thought – is my bladder bursting and I am peeing the bed? – NO! I am bleeding like a fountain and a lump the size of a golf ball is just below the bandage. I press the help button a few times and start screaming “I am bleeding here! Help!”

They come in very quickly and bring the clamp – I could have lost over a pint of blood in a few minutes and my life in about ten from that. They clamped it and I had to spend the rest of the night pretty much flat on my back. I did move the bed up a small amount at a time, and they took the clamp off around 3:00 in the morning. My leg hurt so much that about 1:00 am I asked for morphine (great stuff when you are hurting; I don’t remember ever taking it before).

I got out of bed about 7:00 in the morning Saturday and was home before noon. The doctor told me they don’t have a clue what caused the chest event but my heart is fine. The doctor did not suggest follow up unless I wanted to spend a lot of money and time on tests that may not find anything wrong. It could have been mind over body, or the fact I have been taking various things for my really plugged nose at night – some of these are not good for people with high blood pressure like me. So now I know my heart is fine and that is comforting – I hope I don’t have to go through that again, but I am very blessed to live in a town like Duluth – we have one of the top 100 heart centers (where I went) in the nation and it is only used at about 75%, so you can get in to have an angiogram very easily – both times I have gone from ER to rehab in less than five hours; in a bigger city that would probably be impossible, and a smaller city would have to move me to a bigger city to have it done.

Now – Apple(tm) – they really do STINK! I hope I did not offend any Apple users out there; Windows(tm) is not any better as far as an operating system, but at least they got the hardware right. I am a hardware guy for the most part and can take a PC apart and put it back together with one hand behind my back and my eyes shut. Apple – I still don’t know why they do what they do, and I hope it is different with the modern Apple. The one I just bought (my first) is a 1997 vintage PowerPC G3 mini-tower. I guess from what I read, it is an awesome Apple. My thought is WHY? Why did they put this stupid odd-ball video connector on a pretty much standard IBM PC video card? Why did they have pins that “sense” what monitor you have attached? The only reason I can figure is they wanted everyone to “bow down” and open your wallet and buy ONLY APPLE! That is the reason I never liked them in the first place!

I better stop ranting about Apple(tm) or the Steves will find a way to make life miserable for me – wait – they did that when they decided to be so proprietary and non-conforming in the first place.

Hacked!

December 16, 2008

Well, I thought it was over. I found out about a week ago that my blog (this one) was hacked – I had been using an older version of WordPress, and at the bottom of each page were hidden links to porn sites. I only found them by chance when I was trying to access my blog via my cell phone. They show up on the cell for some reason.

Anyway, I spent the better part of an evening updating my WordPress and on calls to Yahoo for support when, after the update, some links refused to work. I got that all ironed out and then I got an email from Google telling me I am banned for at least 30 days from their search engine because I had porn links and spam links.

Google does not allow those things and that is good, but let’s have some consideration for innocent bystanders in a crossfire. I admit I should have been more alert to keeping software up to date, but I never thought it was possible to actually attach hidden links to a PHP file.

I have been going through my site and searching for bad stuff – I think I got it all.

Just to let you know why I don’t appear in Google – I have applied for reconsideration, but that can take days or weeks. Oh well, such is life!
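One way to do the "searching for bad stuff" the post describes, as an added example that is not the blog's or WordPress's own code: a small scanner that flags links the browser does not render (display:none containers, off-screen positioning and the like), which is how injected SEO spam in a theme file such as footer.php usually hides from a desktop visitor while still showing up in a phone browser or to a search crawler. The footer fragment at the bottom is constructed for the example; the real check would be run over the rendered pages or the theme's PHP files.

```python
"""Flag links hidden from sighted visitors in theme markup such as footer.php.
Added example, not the blog's or WordPress's code. Inline styles only: a hiding
class defined in an external stylesheet is a known gap of this heuristic."""
import re
from html.parser import HTMLParser

# Inline CSS that keeps an element out of a normal browser's view.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0|"
    r"(?:left|top)\s*:\s*-\d{3,}px", re.IGNORECASE)
VOID = {"br", "img", "hr", "meta", "link", "input", "area", "wbr"}  # no end tag

class HiddenLinkFinder(HTMLParser):
    """Collect (href, reason) for every <a> that a visitor cannot see."""

    def __init__(self):
        super().__init__()
        self._stack = []  # open elements as (tag, hides_content)
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = "hidden" in a or bool(HIDING_STYLE.search(a.get("style") or ""))
        if tag not in VOID:  # void elements never close, so never push them
            self._stack.append((tag, hides))
        if tag == "a" and a.get("href"):
            if hides:
                self.hidden_links.append((a["href"], "hidden by own style"))
            elif any(h for _, h in self._stack):
                self.hidden_links.append((a["href"], "inside hidden ancestor"))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; stray closers are ignored.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                return

def find_hidden_links(markup):
    finder = HiddenLinkFinder()
    finder.feed(markup)
    finder.close()
    return finder.hidden_links

# Constructed footer fragment: one legitimate link, three injected ones.
SAMPLE_FOOTER = """<div id="footer"><p>Powered by <a href="https://wordpress.org/">WordPress</a></p><br>
<div style="display:none"><a href="http://spam.example/a">x</a> <a href="http://spam.example/b">y</a></div>
<a href="http://spam.example/c" style="position:absolute;left:-9999px">z</a></div>"""
```

Run `find_hidden_links` over each page's HTML (or each theme file) and treat any hit pointing at a domain you do not own as something to investigate; after cleaning, rerun it and compare against a known-good copy of the theme, since the post notes the spam only showed on the phone.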