top o' the mornin'®

Message

earendel · #1 Post by **earendel** » Thu May 08, 2008 5:35 am

An unusual start to the morning - I got off the elevator and headed for my office, only to find someone standing outside waiting to get in (I'm usually the first to arrive). It was our network administrator and he looked troubled. As I opened the door he asked me if I knew which employee used a computer with a particular barcode number. I logged onto my computer and checked my inventory and found it. While doing so I asked him why. He said that last night he had received an alert that that computer was "performing suspicious activity", by which, he said, was meant that it was either accessing or being accessed without anyone present, possible signs of a worm or virus. This automatically triggers a protocol for handling an potential intrusion. He had to take the computer off the network, and eventually a team will come get the CPU and run a series of diagnostics on it to find out what was causing the "suspicious activity". The network administrator said it could take from several hours to several days to deal with the problem, and that the user would probably lose at least some, if not all, of the data stored on the computer. Needless to say when the user arrived she was not happy at all. By then the network administrator had left, so I was the target of her confusion and anger. She is NOT a happy camper.

MarleysGh0st · #2 Post by **MarleysGh0st** » Thu May 08, 2008 6:40 am

earendel wrote: She is NOT a happy camper.

Understandably, but it's good to know the protocol for detecting and stopping this activity is working!

Let us know what the results of the scan is, if that information's not classified.

ulysses5019 · #3 Post by **ulysses5019** » Thu May 08, 2008 7:19 am

Let us know what the results of the scan is, if that information's not classified.

Do you want ear to have to kill you?

peacock2121 · #4 Post by **peacock2121** » Thu May 08, 2008 7:25 am

I am intrigued.

I like a mystery.

Especially when people are stopped from doing bad things.

PlacentiaSoccerMom · #5 Post by **PlacentiaSoccerMom** » Thu May 08, 2008 7:28 am

Do you think that she is a spy?

MarleysGh0st · #6 Post by **MarleysGh0st** » Thu May 08, 2008 7:31 am

ulysses5019 wrote:
Let us know what the results of the scan is, if that information's not classified.
Do you want ear to have to kill you?

I said if it's not classified!

MarleysGh0st · #7 Post by **MarleysGh0st** » Thu May 08, 2008 7:34 am

PlacentiaSoccerMom wrote:Do you think that she is a spy?

The more likely concern would be that her PC has become infected with a trojan. That might be trying to steal government secrets from her computer or just trying to turn it into your run-of-the-mill spambot zombie.

Either way, that's a big no-no!

earendel · #8 Post by **earendel** » Thu May 08, 2008 7:56 am

MarleysGh0st wrote:
PlacentiaSoccerMom wrote:Do you think that she is a spy?
The more likely concern would be that her PC has become infected with a trojan. That might be trying to steal government secrets from her computer or just trying to turn it into your run-of-the-mill spambot zombie.

Either way, that's a big no-no!

Most likely the latter - we don't deal in government secrets in this office, although I suppose it might be possible to get to the Pentagon through the .army.mil domain that we use. What's more of a mystery is how it happened in the first place, since all of our computers are supposed to be protected with anti-spyware software, as are the servers. Heck, most of the time I can't even get a Word document sent to me because the e-mail filters catch and quarantine them as "suspicious".

ulysses5019 · #9 Post by **ulysses5019** » Thu May 08, 2008 8:17 am

The more likely concern would be that her PC has become infected with a trojan.

Now you're trying to get me killed!

MarleysGh0st · #10 Post by **MarleysGh0st** » Thu May 08, 2008 8:18 am

ulysses5019 wrote:
The more likely concern would be that her PC has become infected with a trojan.

Now you're trying to get me killed!

Have you been infecting his coworker's computer?

gsabc · #11 Post by **gsabc** » Thu May 08, 2008 8:23 am

MarleysGh0st wrote:
PlacentiaSoccerMom wrote:Do you think that she is a spy?
The more likely concern would be that her PC has become infected with a trojan.

I thought Trojans were supposed to prevent infections.

What?

Oh.

Never mind.

ulysses5019 · #12 Post by **ulysses5019** » Thu May 08, 2008 8:45 am

Have you been infecting his coworker's computer?

I did not have sexual relations with that computer.

earendel · #13 Post by **earendel** » Thu May 15, 2008 9:29 am

MarleysGh0st wrote:
earendel wrote: She is NOT a happy camper.
Understandably, but it's good to know the protocol for detecting and stopping this activity is working!

Let us know what the results of the scan is, if that information's not classified.

The network administrator just stopped by my cubicle to give me an update. After an exhaustive series of diagnostics, it was discovered that the user's computer had a trojan on it, as well as two infected files, which were traced back to a Web site (he didn't indicate what site that was). Whatever the site was, it was also visited by a computer in one of our field offices. Chances are it was an innocent site with some malicious add-on probably unknown to the site's operator. It must have been a fairly sophisticated trojan to get past the anti-virus software we have installed; it's updated on a regular basis.

MarleysGh0st · #14 Post by **MarleysGh0st** » Thu May 15, 2008 9:37 am

Thanks for the update, ear. Even if it got past the anti-virus, it still triggered an alert. Having multiple levels of protection is a good thing!

WWTBAM Bored

top o' the mornin'®

top o' the mornin'®

Re: top o' the mornin'®

Re: top o' the mornin'®