City of Norfolk Hit With Code That Takes Out Nearly 800 PCs
IDG News Service (02/17/10); Gohring, Nancy
Nearly 800 computers and 11 servers on Norfolk, Va.’s IT network were recently infected with malicious code. City IT director Hap Cluff says the malicious code was pushed out by a virtual print server and was activated when employees shut down their computers and engineers logged off the servers they had been working on. Once the code was activated, it deleted the Windows operating system from 784 computers and nearly wiped out all of the other files that were stored on the machines’ hard drives. After discovering the problem, Cluff and his team took the virtual print server offline, scrubbed it, and reverted it to a previous instance of the print server software. Those actions prevented the malicious code from spreading further. Cluff believes the code may have been a “time bomb” that was loaded a long time ago and was set to activate on a certain date. The code also could have been domain-leaked malware that captured the password of the virtual print server when the domain administrator logged on to it, says Gary Warner, the director of research in computer forensics at the University of Alabama in Birmingham. Warner says that would give the malware access to every machine on the network if the city gave administrators rights over all machines.