Tell Me Your War Stories

by Preston Gralla

To own a PC is to be a potential victim. A potential victim of phishers, trying to steal your credit card information through online scams. A potential victim of malware writers, trying to hijack your browser or record your every keystroke. A potential victim of Trojan writers, virus writers and more.



I'm researching a book about malware, spyware, and other pests, and if you've been victimized, I'd like to hear your war story. If you've found your PC filled with spyware, if you've inadvertently fallen for a phishing scam, or if you've been attacked in any other way, let me know. I'd like all the gory details - how you got the pest, what it did to your PC, and how you killed the beast.



Post some basic details here for the world to see, but send me email at preston@gralla.com, and I'll use the most relevant war stories in my book.



So you may have been a victim, but here's your chance to help others avoid what you went through.




Tell me your war story. Get it off your chest -- you'll feel better.


7 Comments

LilyNox
2004-09-30 15:14:45
Trojan Horse
I was infected with the Trojan Horse Surferbar virus. It would change my homepage and mess with my settings, very disturbing indeed. I Googled the word "Surferbar" (that is what it changed my homepage to) and from there found SpywareInfo Forums. The folks there are very knowledgeable and helpful, and advised me to install HijackThis, a program that finds things that don't belong in certain areas of your computer. Using the program with insufficient knowledge can be hazardous to your computer, as you could delete something that belongs there, but the people at the forum look over your log file and tell you what's wrong. Thanks to their help, what would have been a longer drawn-out war was transformed into a mini-battle.
jwenting
2004-09-30 23:51:48
email attack?
Last year for several weeks I received several thousand email viruses per hour, far more than anyone else I spoke to.


As usual, addresses were mangled so I could not discern a pattern or where they were coming from.


It came to the point where I had to reject all emails over a certain size at SMTP to keep my DSL line from becoming clogged and write a program to delete them all at my ISP's mailserver (thus downloading headers only).


After about a month the assault started to abate and within a week or two tapered off to the current level of a few dozen a day (maybe the sender lost his account?).


Now all I have to deal with are 3-5000 pieces of spam a week, something my blacklists and other measures are capable of handling.


Mind this is for a single email account!

rjelliffe
2004-10-01 01:40:40
My infection
Last year, I moved my PC into the demo room to give a demo for some customers. When I powered up, out poured a ton of email: an Outlook window kept popping up.


A few days before, someone had allowed a friend to attach their (infected) notebook to our network. At the same time I had disabled Norton, for benchmarking. My PC got infected, and this showed up next time I rebooted. Who knows how many people were sent viruses or spam in the few seconds it was active. Anyway, the demo was off.


Not only that, but our administrator wouldn't allow the infected computer back on the network. Norton could not find the virus (Norton had been re-enabled, of course) so I was stuck.


Luckily, I had made sure to only use applications that had a Linux or Mac version, or with file interchange. So I switched to Linux, and have had no problems (that I know). I have the old PC disks mounted read-only under Linux, so I can access my old data. But I still lost several days' work, and lost face in front of customers, because of what is, ultimately, the bad design of Windows. The latest JPEG exploit had me laughing as smugly as a Mac user :-)


I recommend that anyone steering IT policy for organizations wean their users off Windows.

jwenting
2004-10-01 14:53:45
My infection
Maybe the lesson should be to keep your virus scanners updated and turned on at all times and to not allow laptops in the network that have not been sanitised.
joshuawait
2004-10-01 22:29:23
Anti-virus software affects speed
One of the real costs of viruses is the overhead of running an anti-virus software program. As an IT person, I have pulled a new PC out of the box and felt its raw speed out of the box, only to see a noticeable drop in speed after installing anti-virus and anti-spyware software. It's a tremendous disappointment.


Funny that you turned off the anti-virus software to test the speed of the PC, when it seems clear to me that to truly benchmark a PC's real-world performance, you would need to install anti-virus software and anti-spyware software.

joshuawait
2004-10-01 22:32:59
It's expensive to fight viruses and spyware
I have seen a constant increase in services to fight viruses and spyware. I can't begin to explain how much it costs to prevent infection, let alone recover from the damage they do. I would like to see some figures on the financial impact to companies as they seek to stem the tide.
kagenin
2004-10-02 00:20:16
My Parents' First PC
It was an old GW2k system, Pentium II 266 MHz, 4MB Riva 128 Video Card, DVD Player, at the time, top of the line features. It was also about this time a little program called Winamp was maturing, and AVS was added to the features for that. If you've never seen winamp/avs in action, I highly recommend you give it a try.


The role of our PC at the time was pretty much replacing our turntable and other stereo equipment. We compressed many of our favorite albums, downloaded a few tunes here and there... My father loves AVS. It's an incredible bit of software. You have to see it to truly understand its beauty. My dad loved to make his own presets, alter some of the stock presets to suit his liking... we'd always be looking for some new presets to play with.


I was getting really into multiplayer gaming at the time when I stumbled onto a 2d isometric, online, multiplayer space fighter whose name I can't for the life of me remember. It was a pretty cool game, but I kept getting weird disconnect errors every few minutes. I hunted around for information and came across an interesting thread posted in some online forums. Turns out the very behaviour I was experiencing was a symptom of a virus, a nasty one at that, too. WIN.CIH (The news media called it "Chernobyl" for reasons that are beyond me) had infected everything down to the win95 bootloader, and the virus scanner we were using at the time.


My father was crushed. He described it to his friends as if his stereo equipment and all the music around it were burning up in smoke, and there's nothing you can do about it. Gigs of music we'd compressed, gone in a snap. It hit him hard. We needed to format the drive for a full OS re-install.


But we've learned a lot from what happened, like the advantages of properly partitioning a disk, and keeping a virus scanner up to date. I find that windows just plain can't run a year without becoming problematic. We partition our drive so windows, programs that would need to be reinstalled anyway, and anything that we desired to save should be saved separate from that, to keep it safe during (frequent) OS reinstallations...


Anyway, the ultimate "war story" is probably "The Cuckoo's Egg," it was recommended reading for a college networking course I took. Probably one of the first and best described experiences outwitting a network intruder. Well worth the read if you've never read it, no matter if you come from a networking background or not.