"I Love You", the Virus from Hell
Richard Lowe Jr
Multiple time Best Selling Author and Ghostwriter, with more than 100 books published
This is the first in a series of real-life events, including security, databases, development, and other subjects, as seems appropriate. In this series, I'll present details on what happened, how we responded, and what we learned. To protect the innocent (and the guilty) I’ve changed the circumstances and the names of anyone involved.
To begin, I'll talk about the "I Love You" virus, which hit our network in May 2000. Up to this point, we honestly didn't think much about security (remember this was the year 2000) and we didn't (and couldn't) get any funding or resources anyway. We installed antivirus and firewalls and a few other things, but other than that, it just wasn't a priority.
I remember our first major virus outbreak clearly, as if it were yesterday. That day started out normally. Our systems were running as expected, users were calling in with the normal issues, and the database on one application was becoming uncomfortably slow. I'd scheduled training for most of my team, beginning at 9am. I planned to attend the training and possibly leave the office a little early - meaning I'd hopefully get out of the office on time for once.
We were so unbelievably naive about security...
At roughly 8:30am, I received a call from a c-level employee - he told me the CEO was furious. He couldn't get anything done because his system was running super slow. The CEO had emails to send out and demanded someone stop by and fix his computer immediately.
I sent over one of my team and quickly forgot about it, focusing instead on some other medium priority issues, then proceeded to the training. After an hour, I took a brief break to check up on what was happening with the CEO's system, so I left the training and wandered over to his office.
To my horror, the team member had reinstalled the operating system on the CEO's laptop. Apparently, he couldn't figure out the problem, so just reinstalled it. As I watched, my pager (yes, these were the days of pagers) buzzed, then buzzed again, then again. I fielded a dozen complaints of slow performing systems. It quickly became apparent that we had a much larger problem on our hands.
I called my team out of training and we investigated; every workstation in the entire company suffered from the same issue: they had slowed down to a crawl. By this time, my boss was fielding complaints from other c-levels, and he demanded to know what was happening.
It took a few more hours, but with some painstaking troubleshooting, we determined the email server, a Microsoft Exchange system, had slowed to a crawl because the messaging queues contained hundreds of thousands of messages.
We'd fallen victim to the "I Love You" virus. It began when the CEO received a message with the subject, "I Love You" and an attachment. He downloaded the attachment and tried to open it. The virus activated and sent itself to everyone on the contact list. These people did the same thing. It didn't take long to overwhelm our Exchange server.
It was a long and difficult path to recovery because the infection spread to most workstations in our environment. We had to clean them ALL up, one by one. Somehow, we had to recover our Exchange server. I won't get into the details; suffice it to say this was not a simple effort.
We'd never experienced any kind of real virus attack before. Sure, we occasionally found a virus here and there, but these only affected individual systems and were relatively easy to clean up.
We performed our post-mortems, came up with new procedures and added anti-virus to the Exchange server.
What did we learn?
We corrected what we could, but, in those early years, the c-level didn't understand security and didn't believe they needed to allocate more than minimal resources or funding. We came up with a plan to tighten security, but it was more-or-less put on the back burner ... for the time being.
What kind of security disasters have you faced and overcome?