Feeds

back to article Massachusetts PCs infected by data-hungry worm

Computers operated by the state of Massachusetts were infected for more than three weeks with a sophisticated piece of malware that security researchers say stealthily stole more than a gigabyte's worth of sensitive data over the past 10 days. Not all of the banking credentials, email passwords and other data lifted by the …

COMMENTS

This topic is closed for new posts.
Unhappy

Adding Insult to Injury

So... they were stealing banking credentials of people who are out of work and getting financial assistance from the government.

That's just MEAN.

2
0

Not mean...

Maybe a bit stupid. Perhaps targeting people with jobs and money would be a better strategy. Maybe "Peggy" on the Capital One commercials is behind this one.

2
0

Not just the unemployed

The shit's gonna hit the fan here. The DUA has company officers' and directors' SSNs on file. And employer bank accounts. They SAY most of those weren't stolen, but their credibility is already tarnished. Now that some influential people are getting hurt, maybe something will be done about this useless, dysfunctional agency and its POS information systems.

0
0

This post has been deleted by a moderator

Happy

MAssachusetts?

Wasn't that the place that hounded its CIO out of his job a few years ago for daring to suggest that they abandon Windows in favour of Linux?

10
1
Go

Yep, it's them already!

Maybe it's about time someone should be fired there for buying into Microsoft.

8
1
FAIL

Heh

Yes, and replaced him with an Ex-Microsoft pod-person. But I think you mean the ODF scandal.

The only state I know looking into Linux is ____ and I don't want to say because walls have ears and people get fired surprisingly easily for trying to advance their states computer technology.

3
0
Big Brother

re: Massachusetts CIO

@Fred Pilcher: Wasn't that the place that hounded its CIO out of his job a few years ago for daring to suggest that they abandon Windows in favour of Linux?

No, Louis Gutierrez got fired for suggested Massachusetts move to an Open Document Format

http://www.computerworld.com/s/article/9012760/Q_A_Former_Mass._CIO_feels_bittersweet_pride_after_battles_with_Microsoft_legislature?source=rss_news50

http://www.computerworld.com/s/article/85563/Former_stake_CTO_Dan_Geer_on_Microsoft_report_firing?taxonomyId=017

0
0
Flame

Not the only one

Peter Quinn was forced out as CIO for the same reason. So was Eric Kriss, apparently.

http://www.cio.com/article/19965/A_Win_for_Microsoft_in_Massachusetts_

Same thing happened to me in 2008, three months after I landed an IT job in the state college system. We were using Linux and Django for web apps... there was a department coup... bye bye Linux. Then the college received a nice gift of... free MS crap software for the students. Arrrgh....

1
0
Alert

Well, at least Massachusetts is following...

... its own data breach notification law, one of the first enacted in the US, against intense lobbying by financial institutions and merchants offering online access to goods and services.

So, at least in this instance, there's no "Do-As-I-Say-Not-As-I-Do"-style mud-slinging (yet).

However, if the present State administration wants to minimise potential fallout, it better move faster than Sony did in offering some sort of ID-theft insurance. The fact that the infection worked it's way so deep into a government services agency that processes so much personal info makes responding to the theft in an urgent and efficient manner all the more important...

2
0
Anonymous Coward

Antivirus

and which antivirus were they using?

1
0
Anonymous Coward

Re: Antivirus

If they were running Windows, does it really matter anymore?

5
3
Gates Horns

Computers infected with Malware?

"W32.Qakbot is a worm that has been seen spreading through network shares, removable drives, and infected webpages, and infecting computers since mid-2009 .. The worm arrives as an EXE file that is UPX packed with an additional custom encryption layer. Within the EXE is a DLL that contains the core functionality of Qakbot. The executable accepts the following command line arguments:

The autorun.inf file allows Qakbot to autoexecute in certain versions and configurations of Windows when the removable drive is inserted."

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf

0
0
Silver badge

Windows again...

Hmm, apart from making the usual smug comments about the the most hacked system in history, it strikes me this is such a typical attack that any competently secured installation of Windows should have survived. Symantic say "the visiting computer is subjected to various application exploits" but no more details.

Have I missed the idiot factor?

0
0
Anonymous Coward

qakbot

It was zero day strike. Norton, McAfee and other anti-virus products simply failed to detect and/or remove the virus. The virus was categorized as low threat, and very little info existed on Symantec, McAfee about that trojan. (before May 2011)

It takes advantage of a security flaw of many enterprises: Technical support and System Administrators often have full access to everything.

We traced our infection thru an email. It infected the user's computer. She reported that her computer ran strange and weird errors. (she did not have administrator access to her own computer). Tech visited and logged into computer to diagnose. (the virus then enumerated every C$/$admin share that it could see using the logged in Tech's identity to infect other machines. (Tech had administrator access so it simply took advantage of his access and infected everything possible)

(It needed Zero Day to get into the enterprise, but then took advantage of given access to remote install itself everyone else.)

McAfee still didn't see the virus. Before you know it, all your systems are keylogging like crazy, you have a random named task scheduler service, and your ftp is busy.

1
0
Anonymous Coward

Wow what is it with all the incompetence lately?

It's it me or does it feel like another excuse for rolling out some new laws by senators who don't know nothing about securing boxes?

I mean Sony... Christ sony, hire a high-school kid, and have em roll out mod sec on apache or nginx and static pages or something... 10000 attempts from one IP? Heard of BFD? pf firewall?

iptables -j DROP

0.0.00/8

1.0.0.0/8

...

255.0.0.0/8

Gee no packets anymore in under 40 seconds!

Norway and html mail? I'd be ripping all email programs out of all boxes. Read your ****ing mail elsewhere. Got TEXT? How about ripping out all code from the email? Filter?

it's not computer security vuln's, it's utter incompetence and lack of accountability.

These companies ought to be SUED for incompetence.

And for the military, Why do they even HAVE email at all on a so called "secure system?"

Got encryption? how about a 2048 AES? Seriously wtf?!

Of course this is my opinion.

0
0
This topic is closed for new posts.