17-user client (2005 - 2014)
The client’s story
in 2005, this client hired us to fix a small malware infection on one PC. After we completed this task, they continued to use us for many years Over the years, we helped them with many projects and made many improvements to their system. In 2009, this client has only had one major problem. They were infected with the Conficker virus. This is described below.
Case Study - Conficker virus in 2009
About this virus
This virus infected 9 million to 15 million computers in 2009 according to Wikipedia at https://en.wikipedia.org/wiki/Conficker#.
Above image was taken from https://abc13.com/archive/6645494/
Problem
In 2009, the client called us to fix another virus. It was reported that programs could not be opened on a few PCs and on the single server. We scanned the infected PCs and server for viruses. The antivirus found and quarantined many. We rebooted the cleaned devices, but the problem continued. We attempted to patch the machines with an update released by Microsoft, but the problem continued. We even attempted to reinstall Windows Server and restore the server from backup. The restore was successful but it required a reboot. After the reboot, the infection came back. We tried 3 different antivirus/antimalware programs with the same result.
Solution
We submitted an infected file to Symantec. Symantec released a definition within 5 minutes. The virus scan was able to detect and remove the infection from the affected PCs and server. We were then able to restore the server from backup and format and reinstall all of the workstations. We were able to get the system back to the way it was prior to the infection.
Result
The client was obviously relieved. They were able to get back to business after extended downtime.
Backstory
We setup a system that reasonably protected itself against problems. This included corrupted Windows files, viruses, power issues, Internet threats and many others. No external computers were allowed to connect to the client’s network other than insurance adjusters with their work notebooks. The network was locked down and secure. The question is how did the virus come in?
We later found out that the client installed an access point with no password. We were unaware of this device. All of the neighbors (over 200 PCs) connected to the client’s wifi. At least one of the neighboring PCs had the virus and spread it to all connected devices. This one open wireless access point was what open the door to the infection. That’s all it takes sometimes… one little hole.
