[Dshield] Password protected Bagle.F

Kenneth Coney superc at visuallink.com
Thu Mar 4 18:14:52 GMT 2004


I give it a week at most before the email package changes and appears to 
come from a company's IT department and is sent only to employees of that 
company.  I.e., IT Dept. at SAIC.com, or Sysadmin at BAH.com, or Sysadmin at your 
company.com.  We will all have fun then.

Jayjwa, you are correct.  Evolutions are happening.  One aspect I am 
foreseeing is greater weight being given in the future to the opinions of 
company Info Security Management (ISM) types.  If a salesman blew an 
account and the company lost big bucks, or if the copy boy took an ax to 
the copy machine, management knows how to handle that.  That some ISM geek 
had been bleating about that same person for months was irrelevant as long 
as the salesman produced income and the copy boy made copies.  A salesman 
saying "boss, we got a virus in our email from someone and it trashed our 
hard drive..." wasn't previously viewed as the salesman's fault.  We have 
something different with otherwise benign password protected viruses being 
activated by an employee intentionally entering a password.  New (old) rule 
will apply.  Employees shall not utilize any password on a company computer 
not supplied to them by their boss.  As you pointed out we now have an 
intentional action by an employee of very low IQ which has caused damage to 
the company.  Most managers I know of know how to handle that situation. 
One tool I have observed in large groups is internal billing.  It seems to 
work.  Total up the number of hours and employee salary, electricity, phone 
bills, etc. spent fixing the problem and present it in an appropriate 
fashion.  "We suffered $XXX,000 dollars of damage/lost hours as a direct 
result of salesman Jones's decision to try the password and run the virus." 
Perhaps an internal bill from the IT section to the Sales section.  That'll 
get someone's attention.