[Dshield] Password protected Bagle.F
superc at visuallink.com
Thu Mar 4 18:14:52 GMT 2004
I give it a week at most before the email package changes and appears to
come from a company's IT department and is sent only to employees of that
company. I.e., IT Dept. at SAIC.com, or Sysadmin at BAH.com, or Sysadmin at your
company.com. We will all have fun then.
Jayjwa, you are correct. Evolutions are happening. One aspect I am
foreseeing is greater weight being given in the future to the opinions of
company Info Security Management (ISM) types. If a salesman blew an
account and the company lost big bucks, or if the copy boy took an ax to
the copy machine, management knows how to handle that. That some ISM geek
had been bleating about that same person for months was irrelevant as long
as the salesman produced income and the copy boy made copies. A salesman
saying "boss, we got a virus in our email from someone and it trashed our
hard drive..." wasn't previously viewed as the salesman's fault. We have
something different with otherwise benign password protected viruses being
activated by an employee intentionally entering a password. New (old) rule
will apply. Employees shall not utilize any password on a company computer
not supplied to them by their boss. As you pointed out we now have an
intentional action by an employee of very low IQ which has caused damage to
the company. Most managers I know of know how to handle that situation.
One tool I have observed in large groups is internal billing. It seems to
work. Total up the number of hours and employee salary, electricity, phone
bills, etc. spent fixing the problem and present it in an appropriate
fashion. "We suffered $XXX,000 dollars of damage/lost hours as a direct
result of salesman Jones's decision to try the password and run the virus."
Perhaps an internal bill from the IT section to the Sales section. That'll
get someone's attention.