ADSM-L

Scheduled backup backs up .vbs virus files. Now what to do?

2000-05-05 09:11:50
Subject: Scheduled backup backs up .vbs virus files. Now what to do?
From: "Talafous, John G." <Talafous AT TIMKEN DOT COM>
Date: Fri, 5 May 2000 09:11:50 -0400
Unless you were on another planet yesterday you are aware that the ILOVEYOU
virus hit most of us. So, I am looking at a few *SM client nodes that fell
very much in love yesterday.  Of course, the *SM scheduled services
continued to function and automatically backup all new files and mark as
inactive any deleted files.  Arrgghhh!!!

Check out what the ILOVEYOU virus did!!!  From CNN News:

"The virus then starts affecting data files. Files associated with Web
development, including ".js" and ".css" files, will be overwritten with a
file in the Visual Basic programming language. The original file is deleted.
It also goes after multimedia files, affecting JPEGs and MP3s. Again, it
deletes the original file and overwrites it with a Visual Basic file with a
similar name. "

After ILOVEYOU did this, *SM scheduled backup runs on a few of the few
infected machines. The affected files are marked by *SM as deleted/inactive
and I have backups of a new group of files in Visual Basic format. And they
harbor a virus!!

I can instruct affected clients to discontinue automatic backup until they
get straightened around. I can instruct clients to recover inactive files
(That opens another can of worms). But once again I am faced with the old
*SM problem of not being able to selectively delete a file from a backup.
Aaarrrggghhhh.  I just hope some naive client user doesn't inadvertently
restore a vbs file someday.     (sigh)  More of an inconvenience than
anything else.

Thoughts and suggestions are most welcome.

John G. Talafous                         Sr. Tech. Prog/Anal
The Timken Company                 Phone: (330)-471-3390
P.O. Box 6927                           Fax  : (330)-471-4034
1835 Dueber Ave. S.W.
Canton, Ohio USA  44706-0927
talafous AT timken DOT com                  http://www.timken.com/
<Prev in Thread] Current Thread [Next in Thread>