Malicious code that mysteriously found its way onto an internal virtual print server took out nearly 800 computers used by the city of Norfolk, Virginia, last week.
The code apparently was activated when workers shut down their computers, said Hap Cluff, IT director for the city of Norfolk. "It was triggered by the action of logging off," he said.
The code nearly wiped out the C drives of the 784 affected computers and essentially deleted the Windows operating system. The contents of the system folders on those machines, normally about 1.5GB in size, shrank to 500MB, he said.
Cluff believes the code may have been a "time bomb," possibly loaded a long time ago but set to activate on a specific date. "Someone could have done it who knows how long ago," he said.
Cluff's team noticed that computers were taking longer than normal to shut down around 4:30 p.m. on Feb. 9. Those machines could not then be restarted. After investigating, his team discovered that a virtual print server was pushing out malicious code. The team pulled the virtual server offline, scrubbed it and reverted it to a previous instance of the print server software, he said.
The code did not propagate in any other way, so once the server was offline, the code ceased to spread. "It never propagated by any other device, only that one server pushing out this code, and all it did then was destroyed
Source : http://www.computerworld.com/s/article/9158499/City_of_Norfolk_hit_with_code_that_takes_out_nearly_800_PCs?taxonomyId=16