Sysadmin's PC-scrub script gave machines a virus, not a wash

Welcome again to “Who, me?”, The Register’s confessional column in which readers reveal their mistakes*. This week meet “Chad”, who told us that “Very early in my career, while I was still in community college, I worked as a computer lab assistant at the school.” His assistance was needed because students did all sorts of …

Anonymous Coward

I can't forget some AV package...

...that claimed that a recently formatted PC was infected. It was formatted from a bloody hologram-printed, legit, Microsoft Windows CD, so it couldn't possibly be infected. Indeed, the AV package said the MS-pressed CD was infected as well.

False positives were not a thing back then... The AV package issued a fix that cleared the problem... who would you sue for spreading viruses? Microsoft? Good luck with that!

That one saved my face, when I proved the AV package claimed the freaking original MS CD had a virus and we all knew it was impossible, because the entire planet using Windows 95 would be aware of it by that point.


Re: I can't forget some AV package...

On the bright side, it was only one PC AND it was only a warning.

Some years ago, while working in a government office, the McAfee software on the network got updated with a bad set of signatures. It detected the OS .com file for connecting to the network as infected and quarantined it. This resulted in about 1200 computers in the office being unable to connect to the network. Which also meant that even after the vendor fessed up and sent out updated files, they couldn't be fixed from the network. So we wound up with some CDs walking around to each system, booting into safe mode and updating both the AV and the .com file. EXCEPT, per government regulation, we were updating the local admin password every 90 days. Except the update didn't always work. So we had a list of the previous 3 years of admin passwords to work through to log into each machine. WORST! THREE! DAYS! OF! MY! LIFE!!!


Re: I can't forget some AV package...

Microsoft surely has sent out a virus on discs sometime. Maybe in the "TechNet" support package. And that's if you don't consider Windows itself or the Office talking paperclip to be viruses.

Not to mention hoaxes like: (safe, probably.... you trust me don't you??)

https://www.snopes.com/fact-check/jdbgmgrexe/ "(Teddy) Bear Virus"


I'm leaving; I've cum too early......again!

The wife too caught a nasty virus from a floppy; the doctor gave us a shot of penicillin and I had a lot of explaining to do. ;)

Maybe if you had a hard drive she might have cum right.

Mine's the one with the expired, unused prophylactic in the pocket. :-(


Your PC is now Stoned.

Anonymous Coward

Should I be admitting to this?

Anon for a reason.

Should I be admitting to this? Well it was over 20 years ago in the 90s, surely nothing can come of it now.

Was on an IT course back then and enjoyed it. Never really took in the networking side for some reason, considering I enjoy it now. Anyway. The one thing I had noticed was the way we'd log in to the network. Boot the PC to DOS. Switch from the C drive to the F drive (can't remember the exact letter). Type Login and press enter. Then you'd put in your login details and password. You were now logged in with your network account. Now type WIN to start Windows 3.1.

Interesting (it was relevant). During this time we were being taught programming in Pascal. I loved it but turned out I was crap at programming. Anyway. One day while playing with Pascal at home I discovered a bit of code in the help file that taught you how to write what was input on screen to a file.

So a plan appeared in my head, but purely for education use only. I knew I wasn't great; I thought surely it wouldn't actually work. And I'm being honest about using it for education only. I coded what turned out to be a sniffer program. I had noticed so many people in lessons would type Login when on the C drive. So I made my program, called it login.exe and dumped it on the root of C on a few PCs in class. Told a few friends about it but told them NOT to abuse it. We would then collect the assignment.doc later (the file where all logins and passwords were getting stored from my program), because people had a habit of saving their college work on the drives as well. I never could work out how to make the password appear starred out on screen though; that was one flaw.

I only remember we used one login that actually worked and were in that person's account. I was amazed. Not knowing enough about networks at the time, I was amazed my program had worked. I do remember to this day, for some reason, the password was masterofpuppets. Once in the person's account we never did anything; I insisted we never did anything. I'd just created it to see if it would actually work. And that was it.

Later, said idiots I told got caught messing around with animation software and pressing reset on PCs when a lecturer was near (that was banned because it meant if you pressed reset, you were up to something).

Lucky for me I was off sick the infamous week or just couldn't be bothered to go in, I can't remember which. They got pulled up for the animation stuff (they were creating animations being derogatory to the staff) but also I think one of them got caught with the login program. As I told them at the time, if you ever abuse it and get caught, you know nothing about the author. I was lucky they stuck to this code as in their "interviews" they kept quiet. They were told "Whoever created this program is really good. Tell us what you know". I knew that was bullshit, the college hoped they'd boast. It wasn't good code, it was code taken from the Pascal help file. Two got kicked out and the other one was allowed to stay. There was also a big "talk" about it in the hall. It was weird sitting in a hall having a "security talk" about how "serious" it was and knowing it was me and that no one else in the room knew it.

About a year later I found an article in 2600 magazine talking about very basic encryption for Pascal. So I added that to the sniffer program. So now, if you found the assignment.doc file, it looked all scrambled instead of being obvious what it was.

Never did anything with it after that. The talk successfully scared me off doing anything else. I wonder if that's where my interest in IT security came about.

Anonymous Coward

Re: Should I be admitting to this?

Luckily you no longer need a program.

Just run an audit on your Windows domain to see how many failed logins there were.

You would be surprised how many passwords you turn up against failed login names.

Tie that up with a successful login against a PC name and bingo...user name and password.

I would guess that's the same for almost any user name / password set up.

Apparently... although I've never seen this in real life... but that's what a bloke in the pub told me.


Re: Should I be admitting to this?

It was a well known thing for Netware that logging in ran Login.exe. If you created a login.com (as a hidden file) and that was somewhere on the path, that would be executed preferentially (unless you specified the extension). Dead easy way to harvest passwords.

The more significant vulnerability was in the crappy mail directories. That's where the login scripts for users were stored, and all users (including guest) had create rights to all other users' mail directories. So if a Supervisor login script hadn't been set, it was easy to create one with a "GRANT ALL TO <user> IN <directory>".


Re: Should I be admitting to this?

> Should I be admitting to this? Well it was over 20 years ago in the 90s, surely nothing can come of it now.

> Was on an IT course back then and enjoyed it.

Pervert!


Re: Should I be admitting to this?

One of my old favourite newspaper quotes from BBC radio's "News Quiz" (listen tonight for extended programme):

"Asked if she had anything to say before sentence was passed, Mrs Buckingham told the court: 'I have worked for British Rail for fifteen years. I am very sorry and ashamed.'" - Yorkshire Post


I didn't infect anything ... but everyone screamed

The wife had people passing around .exe files at the school she taught at. The principal told them to stop it and everyone ignored him, so I gave her a file called australia.exe that flipped the screen upside down. She forwarded it to everyone and the school went to pieces because everyone ran the thing and then panicked. They stopped passing around executables after that.


My dad had fun with Intel...

Back when I was a wee lad no taller than a cricket wicket, my dad did work for various corporations like Intel. They would send him some software, he would write a user manual for it, then he'd ship the whole thing back so they would pay him.

My dad being the crotchety old fart that he was, he used a non-IBM-compatible computer for all his work (a Commodore PET if I remember correctly) & a bit of software shim so his machine could read/write their desired floppy disk formats.

One day he gets a call from his contact at Intel advising him "you have a virus on your PC. The disks we got from you were all infected." Dad politely tells him "That isn't possible. Perhaps you might try disinfecting the virus scanning computer?" The Intel guy is adamant that it's *got* to be my dad's fault. Dad is adamant that it can't be. The Intel guy offers to send a tech to my dad's office, scan his machine, & *prove* it's my dad's fault, to which dad smugly agrees.

The next day the Intel tech arrives, dad shows him to the office, & the tech starts to get out his virus-uninfected boot floppy... only to freeze in his tracks as he realizes my dad doesn't have an IBM compatible into which he can put it.

"Where's your computer?" he asks incredulously. Dad points at the C= PET & says "Right there." The tech stammers "I can't do anything with that, it doesn't take IBM formatted floppies!" Dad smirks & replies "It can read & write them, but it doesn't boot to them. There is no known IBM compatible virus that can survive on my machine, especially after I reboot it. Now, please tell me again how it's *MY* computer that's given you folks a virus?"

The tech had to go back to Intel & tell them my dad was right, then initiate a witch hunt for the actual source of their virus.

Meanwhile my dad doubled his rates to Intel for having called him a liar.

Moral of the story: Sometimes it pays not to be running the same stuff everybody else is using, especially when viruses are a concern. =-)p


But the best feat of them all...

Those virii could also override the write protection tab on a floppy with ease. That was the scary part because, until I learned otherwise, I always thought that the read-only tab would trigger a routine in the drive itself which would then make it refuse to do anything.

Well.. that's not the way it works and you can actually bypass all that. So much for floppy security...


Trigger Happy TV

My favourite sketch. Dom Jolly in full yellow HazMat suit carrying a PC into a PC repair shop, putting the box on the counter and saying “I think it’s got a virus”


Root filesystem takeover panic

Windows 95 plugged into a network that had Solaris servers running Samba.

In Windows 95 you could bypass login by hitting escape and then create a new user. I had created a user called 'root' with a blank password and full privileges.

When transferring files from the Win95 machine to the Solaris server, these were written from user account 'root' so nobody (except) could access them. IT was puzzled as to who the hell had the root password... they changed their root password multiple times, yet somebody always seemed to guess it.

Things got worse when, using Windows File Explorer, directories were cut and pasted... and changed permissions to 'root'...

Finally this was found out to be a bug in samba.


Valentine's day virus

One day I got to work, fired up my computer, and got my first message: "I love you man!" From my boss (a VP). I thought: "Yeah, cute." Then my antivirus said it had blocked an infection. Then I got messages from all the VPs and Senior VPs in engineering, some of the board, and about half my colleagues. Pop-up messages from the anti-virus product filling my screen as fast as I could close them. At that point, it was officially creepy. A lot of the engineers weren't running with any protection.


Re: Valentine's day virus

My boss got the ILOVEYOU e-mail - or something similar - and it did cross his mind that it could be a virus. So he didn't open the attachment. Instead, he forwarded it to me, to ask my opinion. Which was that he was out of his league. Also, out of his mind.


Fond memories...

Quite some time ago when I was between jobs, I got called by one of the local slave traders (aka temp agencies) who were looking for *all* the available IT talent they could get their claws on.

Seems one of the local aerospace companies had severed all the interconnections to each of their offices worldwide, and were decontaminating them one at a time after an executive had brought in a laptop with Code Red / Nimda on it, which proceeded to spread like wildfire through their infrastructure due to (you guessed it) a lack of upkeep on patches. (This was also during the Bad Days of Windows 9x and NT 4; WSUS didn't exist, and SCCM was known as SMS and was even more terrible than it is now.)

I spent about 50-60 hours there over a week and a half going through one of their larger facilities with a team of ten to fifteen others, with a minder for the group and a couple of burned CD-R discs with the patches on them, hitting up every machine we could easily patch, and flagging those we couldn't for the 'corporate' boys to visit later on.

I noted with some amusement and irony that a CNC machine the size of a small house that milled blocks of titanium worth more than a Cadillac was being kept from running because the $50 CD-ROM drive on a $700 Compaq Deskpro had failed due to being crammed full of metal dust.

Fun times, especially going through the R&D portion of the facility (no cameraphones!) and seeing my first 3D printer, which was something novel for that time period (~2002).

Anonymous Coward

We got a call one day from one of our customers, panicked because one of their vendors sent out a product data disc that had updates for all their software, as well as a nasty virus. Their network was air gapped, but not sneaker ware gapped, and we ended up racking up some nice service charges to bring all their systems back from zombie land. The disc came from an international company with thousands of distributors - I can only imagine how much they spent on that little error paying back said distributors.


Farewell message that became a virus

Had an application support engineer transfer (he got shuffled around the various IT divisions of this multinational for reasons that will become obvious), so he wrote a farewell message in the OS login script for the application userid, but made it so the text file added to the login message was tar'red without a ".tar" format. Two problems:

1. He did not revert back to the old login script, but kept adding the message to the end of the login script EACH TIME IT RAN! (cue 10 screens of output each time you stopped and started the application)

2. He put it into multiple applications, so when country A and B went down, and USED THE SAME TEMPORARY FILENAME for building the login message, we had 2 country A systems running and no country B.

We made the company fly him back from Country C to remove this virus. (I found the cause quickly but made him come back to confirm it). I last heard he got transferred back in after I left, god knows what the systems look like now.

Anonymous Coward

High school in the early eighties

Computer studies were available as a one-unit subject, but not testable as part of the Higher School Certificate at the time.

Had a couple of Apple II+ computers as hardware. From reading magazines I found where and how Apple DOS stored its commands on each floppy. As a piece of pure juvenile thoughtless vandalism, I essentially changed the "init" command (which formatted the disk and wrote the copy of Apple DOS in memory onto the disk) to go off on the letter "p". Apple BASIC at the time ignored spaces, and processed DOS commands ahead of other BASIC commands.

The command to read a disk, and load its version of DOS onto the computer, happened to be "pr#6"... so when the next user came to the still-running machine, inserted their floppy, and attempted to fire it up, it wiped and corrupted the disk.

The next user was one of the maths teachers, not a bad one at all, and it wiped the year 9 half yearly test results.

As a virus, it was too destructive to survive, and easily countered. More of a proto-virus.


Virus attack thwarted by crashing the network

When I was Deputy IT Manager for a Technical Publications company near Birmingham (UK), the IT Manager and I instigated a procedure whereby every incoming and outgoing floppy disc was run through a virus checker (I forget which one) on a sandbox machine that was not connected to our office network before being allowed to be used on site. This procedure was supposed to be used across all eight sites, no exceptions. One afternoon, as I was checking the outgoing discs for that day's production, I suddenly received an alarm that one of the discs was infected. I rang the IT Manager, who was at a different site that day, and he basically said to stop anyone using floppies until he got to our office. I disconnected the Thin Ethernet cables at the back of my computer, thereby freezing the entire network, and stood up on my desk to make the announcement. I then had to go round every computer, armed with the Silver Bullet disc to check them for infection, and also run everyone's discs through the sandbox computer. It turned out that only one computer was infected, the user was from another of our offices (Coventry), and had thought that, as he was still inside our organisation, he did not need to have his floppies checked (oo-er missus). I then phoned Coventry office to inform them that they were the source of the infection, and the IT manager went there next day to help their Deputy sort it out. I then reconnected the Thin Ethernet at my computer to bring the network up again. Earned my salary that day.


Biting the hand that feeds IT © 1998–2018