(no subject)

[bzarcher]

Sitting.

Waiting.

We've been dealing with a Mytob.cu attack at work that crippled half the company. Why? Because 2 people were fucking morons and opened something that was obviously NOT from the security team or the helpdesk, and infected their machines.

A nice geometric figure later, we have about 100 machines infected and quarantined. I've taken over 140 phone calls today, out of 326. We've sent 3 possible fixes we could impliment + a company wide protection/fix to the two security and IT manager teams that have to approve them, and we've yet to hear back on them. I don't want to think about how much productivity the company lost today, or how much money.

I honestly don't know if I'll leave work on time tonight. I'm expecting it will be late.

Comments

[valkyrwench.livejournal.com]

:/

Blarg. That sucks. One of the best things I rammed through the budget last year was money for Appriver. They help keep the stupidity at a minimum on our mail server. I still live in fear of somebody opening a viral mail from their webmail, though.

Good luck getting all that cleaned up - I hope you don't have to stay too late.

[las.livejournal.com]

Argh!

[bzarcher.livejournal.com]

Right now, we have a cleaner script/operation ready that we could implement and force a network wide reboot to enforce. But the security guys are concerned that these PCs could have gotten a bunch of bots that we're not aware of, and that this wouldn't solve the problem.

Therefore, they're currently pushing to our VP that we spend all night re-imaging every infected machine in the company.

[bzarcher.livejournal.com]

Yeah, pretty much.

[valkyrwench.livejournal.com]

Well, that would certainly solve the problem. I'm assuming that the security guys making this recommendation are going home when their shift ends?

[bzarcher.livejournal.com]

Technically we're all on the OT clock, but several of them have mentioned they're staying no later than 8 EST, yes.

[valkyrwench.livejournal.com]

Look at my surprise. Actually, I'm surprised they're even willing to stay until 8:00.

[bzarcher.livejournal.com]

To be fair, they also commented it might be best to wait until morning to round the machines up (we already pulled their network blocks). And that we might want to go home too, if that's what we settle on - but they're still debating if we do that, or run the script and wipe suspicious machines as needed rather than an all out wipe.

[alathaniel.livejournal.com]

Want me to shoot anyone? I may not be a forensic pathologist, but I suspect I can make a sniper bullet from Pittsburgh look like a suicide.

[bzarcher.livejournal.com]

*whistle*

[flying-landon.livejournal.com]

Sounds like someone called to have a place firebombed, yes?

[bzarcher.livejournal.com]

Depending on how this hurts the company, I think several employees are going to be Firebombed.