Virus attack - The after-effects of Mydoom.M

You might have noticed the Virus Alert on AccountingWEB about the Mydoom.M virus yesterday. There was good reason for that warning. I got it on my main computer, and informed AccountingWEB (by telephone).

After eight years on the Net and having taken every precaution, I finally got infected by a virus through a combination of bad luck and ill-judged action.

Comments

The latest wheeze for a virus

GRETTONPARTNERSHIP

Thought someone might be interested in an email I received today. It claimed to be from my ISP saying that a lot of emails had been sent from my computer in recent days and they think I may have been affected by a virus. I was then directed to click on the attachment for further details. I did no such thing and deleted the email. I suspect the attachment carried the virus.

The message claimed to come from Daemon - funny I never knew there was an "a" in Demon!

Source of Backdoor Virus....Man!

Anonymous

Hi everyone! Very rarely do we speak or even share the same (chat) room for that matter! But we thought in the new spirit of cooperation in the Deep Purple camp we would explain the source of the rather nastily named "Backdoor Virus". Well it's all been a publicity wheeze by us to promote-

The Best of Deep Purple & Rainbow, (in the shops now!) where many nudge! nudge! wink! wink! references to backdoorism are included in our lyrics. Never mind that we nicked it off Led Zep's Whole Lotta Love originally. Enjoy!

More frequent AV updates

nhopkins

Richard, the bit of your story that caught my attention was "The bad luck was that I received a mail which had the virus in it hours after it first became active, and before my virus checker had picked up the relevant update".
You can minimise your chances of encountering such bad luck by setting your anti-virus software to check for updates more frequently than just daily.
Most anti-virus programs will allow you to set your own schedule for checking for updates. With a 24/7 broadband connection there is no connection cost for these checks and the connection speed means that even if your AV program opens a window to tell you it is checking for updates, it only takes a few seconds.
You need to balance your intolerance of programs opening windows on your desktop against the increased protection offered by more frequent updates. I currently have mine (F-Prot from Frisk Software: www.f-prot.com) set to check every couple of hours and it's not too intrusive. I may switch to hourly and see how that goes!

Virus

patricia caputo

I believe that I have been sent this virus as an attachment. Although I have Live Update running on broadband the automatic scan did not spot it in the attachment.

I have scanned the attachment again, however Norton still does not report a virus.

The reason why I am suspicious? Well, it purports to be sent by the Chartered Institute of Taxation and the email (sent at 5.00 am on a Sunday morning) says "I don't bite weah!".

Tip for working offsite

angehodgson

If you are not attached to a company LAN, then another useful utility is ePrompter - www.ePrompter.com - which offers a remote (and more importantly a text-only) means of viewing email *before* it is downloaded to your email client. It's also configurable to include multiple email accounts (including web-only accounts like Hotmail, Lycos and Yahoo). Oh, and it's free.

I've caught dozens of suspicious-looking emails in this way - no attachments or html is downloaded by the ePrompter client, so I can take action to remove anything iffy before I even bother to fire up my email client (and it's a damn sight quicker than firing up Outlook, even on an Athlon XP2800!). It's no substitute for virus checking by any means (and if an email account receives a lot of mail, it can be somewhat unwieldy). My virus checker may well have been capable of detecting the viruses in the emails I deleted remotely, but these days it's just easier not to take the risk.

All viruses = DOOM and GLOOM

anthonyryb

There is no doubt that all viruses are a pain and some are potentially devastating.

Regardless of whether it's time spent deleting the emails that come into your inbox on a daily basis, or worse still sorting out your system if you've accidentally executed it.

Viruses in any guise are time consuming and dangerous.

The recent Information Security Breaches Survey commissioned by the dti concluded:

"That although there is no magic wand solution to protect your business, there are a number of simple steps that should be implemented to help reduce security threats.

1. Ensure that you have anti virus software in place and that it's regularly updated.
2. Ensure that you have a firewall installed.
3. Ensure that your data is backed up every single day, stored in a secure off-site location and is easily retrievable at any time."

Norton, Norman or McAfee provide anti virus solutions. Zone Alarm may assist with your firewall requirements and Depositit provides a secure data backup solution.

Remember - Virus Guard - Firewall and Backup.

Stop the problem before it gets to you

crombies

As a 5 partner firm of accountants, the best investment we ever made, or continue to make, in the IT field was to subscribe to a virus scanning service from our ISP. While this service costs us a couple of thousand per year, we have the peace of mind of knowing that every incoming and outgoing message is scanned by Messagelabs before it goes anywhere. Any infected items are not delivered and instead warnings are sent to the sender and the addressee. Goodwill generated by grateful clients who did not even realise that they were infected has more than paid for the service.

Security Patches

Anonymous

You haven't mentioned the importance of applying the latest security patches to your web browser and Operating System.
Without doing this it is possible to continue to be susceptible to new forms of the same virus.

New patches should be applied as soon as they are available.

Virus attack and others

JohnB.JohnBarratt

Know the feeling. I had a similar problem a while ago and have also circumvented the problem to a degree by using a non-MS browser and email, namely Mozilla, which is available free (or on a donation) from mozilla.org. As it is non-profit software it does not attract the attention of virus writers.
I am thinking of going further and replacing Windows altogether with Linux but am not sure how my accounting software will react - does anyone have experience of this? (Specifically I use the TAS suite and Tax Assistant from Drummohr)

Thanks for this lot

richard.murphy

I appreciate the comments people have made.

Security patches are a good point and I automatically download the Microsoft stuff.

And I agree about avoiding IE. I've used Mozilla for some time having tried several alternatives (Opera, for example) as well, and think it the best browser around at the moment. Given it's free it's paid for itself many times over - so much I made a donation in the end.

But has anyone got a free email system that's as good? I've tried several, including Mozilla's and they're not as good as Microsoft's offerings in my opinion. But I'm hoping someone knows otherwise.

Virus and aftermath

Claire Kelly

Hi Richard
Thanks for sharing your experiences with us. Having had a virus on my pc last year I can sympathise. I note your comments re taking the serial numbers of the software you use and thought I would share what we do here (not that it will be any help to you) in case anyone else finds it useful.
We have a disk folder in which we keep the software disks for all the pcs in work and on the outside of each pocket we have a sticky label which states whose pc the software relates to, the serial numbers, licenses etc. We then have a copy folder with copies of all the software disks and this info. These are stored off site in two different locations in a fireproof so that in the case of a fire (in the early 1980s the practice had one!) we can quickly get back into action. We also backup every evening to an external drive which again is stored off site.

It also means that in the case of a virus in someone's pc we can use our spare pc and get them back up and running in the event that it takes longer to sort things out than we can afford to wait.

We would agree with you that up to date antivirus software/firewalls etc are essential and we have all of these but as we found last year (thankfully before we networked) viruses can still slip through.

Backdoor Infection Virus

Albasas

I don't really believe there is a lot you can do to stop this kind of infection happening. Some just seem to be much more susceptible of going down with it than others. Or it's usually just a one off event best kept to one's self because others don't understand and see it as a weakness. You turn your back on the bandit virus at your peril. There was no real deterrent in cases like Richard's. So these viruses' inherent ability to mutate is obviously still not well understood by those claiming to protect us all from them.