As everyone who has caught a cold (manflu?) in the run-up to Christmas knows, viruses are no respecters of holidays. This is what happened at one customer site yesterday.
The symptoms appeared gradually. Someone could not log into their PC when they came in to work. Then others had the problem. If you were already logged in you were OK. Nothing was obviously wrong.
The customer’s own IT person was overseas on holiday so they called in the cavalry. The Timico IT support team set to work immediately and started to analyse what was going on in the customer’s network. The company had two sites and one PC at the remote site was seen to be generating an inordinate amount of network traffic.
In fact what it was doing was conducting an alphabet attack on the company’s Active Directory server. It was trying to log on as a user on the network. Once it had failed three times against a user account, the server locked that account, so the genuine user was then unable to log in.
This is of course good news from a security perspective although highly inconvenient from the customer’s point of view as it was very disruptive. The remote site was disconnected and the rogue PC isolated. The attacks stopped.
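
The pattern the support team tracked down, one machine failing logons against many accounts until each one locks, can be picked out of logon failure records. The following is an added example, not part of the original post: the record format, host and account names, the 10 minute window and the four-account alert threshold are all assumptions, and only the three-failure lockout comes from the incident described above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3            # failures per account before lockout (from the post)
MIN_ACCOUNTS = 4                 # assumed: distinct accounts from one host before alerting
WINDOW = timedelta(minutes=10)   # assumed sliding window

def sample_records():
    """Constructed records: (timestamp, source host, account, outcome)."""
    t0 = datetime(2008, 12, 30, 8, 0, 0)
    rows = []
    # One workstation failing three times against each of several accounts.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"]):
        for j in range(3):
            rows.append((t0 + timedelta(seconds=i * 6 + j * 2), "REMOTE-PC07", user, "FAIL"))
    # Ordinary noise: a user mistypes a password once, then logs in.
    rows.append((t0 + timedelta(minutes=1), "HQ-PC12", "frank", "FAIL"))
    rows.append((t0 + timedelta(minutes=1, seconds=20), "HQ-PC12", "frank", "OK"))
    return sorted(rows)

def find_lockout_sources(records):
    """Return {host: sorted accounts pushed to the lockout threshold} for hosts
    whose failures inside WINDOW touch at least MIN_ACCOUNTS distinct accounts.
    Simplification: a successful logon does not reset the per-account count."""
    by_host = defaultdict(list)
    for ts, host, account, outcome in records:
        if outcome == "FAIL":
            by_host[host].append((ts, account))
    alerts = {}
    for host, fails in by_host.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most WINDOW.
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            counts = defaultdict(int)
            for _, account in fails[start:end + 1]:
                counts[account] += 1
            locked = sorted(a for a, n in counts.items() if n >= LOCKOUT_THRESHOLD)
            # Keep the largest set of locked accounts seen for this host.
            if len(counts) >= MIN_ACCOUNTS and len(locked) > len(alerts.get(host, [])):
                alerts[host] = locked
    return alerts

if __name__ == "__main__":
    for host, locked in find_lockout_sources(sample_records()).items():
        print(f"{host}: likely source of lockouts for {', '.join(locked)}")
```

Grouping by source host rather than by account is what separates this case from a single user mistyping a password: the noisy host stands out even though each individual account sees only three failures.
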
The virus protection on each machine was updated and a full scan run on each PC in the customer’s network. It is not always possible to tell how a virus enters your network. This customer had external virus scanning on email. It probably came from a website that someone had visited. Their desktop antivirus was in need of updating.
It does reinforce the message that the fight against viruses and malware needs to be conducted on multiple fronts. All’s well that ends well and the cavalry rode off into the sunset for a well-deserved New Year’s Eve Party. See you in 2009 pardners…