"Here you have" virus: How did you fare?

By apexwm, 13 September, 2010 13:40

Just last week the "Here you have" virus was spreading like wildfire. In the very early hours of Friday morning, I watched a Linux mail server get slammed with bogus emails coming from a huge array of IP addresses. Due to the timing, I'm almost 99% certain this must have been some sort of aftermath of this virus. Luckily, the server was able to stay running and handle the load, although it was rough for a while. The server runs the ClamAV virus scanning engine as well as the SpamAssassin spam tagging engine. This put a heavy tax on the processor load; however, the server kept running. This particular server has about 80 users, and the Postmaster account was getting around 10 messages per minute on average, for over 6 hours straight. It's a Pentium III 866 with 1 GB of RAM. Unfortunately, there wasn't an easy way to block the source IP addresses, since it seems the virus was so widespread that all we could do was delete the bogus messages and wait for the virus to start to wither down.
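The decision described above, that the sources were too spread out for an IP block list to help, is one a mail admin can check from the logs rather than guess at. The following script is an added example and not part of the original post: it parses Postfix-style `connect from host[ip]` lines (the log format is an assumption; the post does not name the MTA), counts connections per source IP and per minute, and reports how much of the flood the busiest N sources account for. A low top-N share is the signal that blocking individual IPs will not reduce the load and that content filtering plus cleanup is the practical option. The log lines in the block are constructed, using documentation address ranges.

```python
"""Triage helper: is per-IP blocking worth it during a mail flood?

Added example, not code from the original post. Assumes Postfix-style
smtpd connection lines; adjust CONNECT_RE for another MTA's log format.
"""
import re
from collections import Counter

# Postfix smtpd connection line, e.g.
# "Sep 10 02:14:01 mx postfix/smtpd[2112]: connect from unknown[203.0.113.10]"
CONNECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ postfix/smtpd\[\d+\]: "
    r"connect from \S+\[(?P<ip>[0-9.]+)\]$"
)


def parse_connections(log_text):
    """Return a list of (minute, ip) tuples, one per smtpd connect line."""
    records = []
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            records.append((m.group("ts"), m.group("ip")))
    return records


def top_source_share(records, n):
    """Fraction of all connections that come from the n busiest source IPs."""
    if not records:
        return 0.0
    counts = Counter(ip for _, ip in records)
    top = sum(c for _, c in counts.most_common(n))
    return top / len(records)


def per_minute_rate(records):
    """Connections per minute, keyed by the 'Mon DD HH:MM' prefix."""
    return Counter(minute for minute, _ in records)


def blocking_worthwhile(records, n=10, min_share=0.5):
    """True when blocking the top-n IPs would remove at least min_share of
    the flood; False means the sources are too spread out for a block list."""
    return top_source_share(records, n) >= min_share


# Constructed sample: 12 connections in one minute from 12 different
# hosts in the TEST-NET-3 range, mimicking a widely distributed flood.
DISTRIBUTED_LOG = "\n".join(
    f"Sep 10 02:14:{s:02d} mx postfix/smtpd[{2100 + s}]: "
    f"connect from unknown[203.0.113.{s}]"
    for s in range(12)
)

# Constructed sample: the same volume, but all from a single source.
CONCENTRATED_LOG = "\n".join(
    f"Sep 10 02:14:{s:02d} mx postfix/smtpd[{2100 + s}]: "
    f"connect from unknown[198.51.100.7]"
    for s in range(12)
)

if __name__ == "__main__":
    for name, log in (("distributed", DISTRIBUTED_LOG),
                      ("concentrated", CONCENTRATED_LOG)):
        recs = parse_connections(log)
        busiest_minute = per_minute_rate(recs).most_common(1)[0]
        print(f"{name}: {len(recs)} connections, peak {busiest_minute[1]}/min, "
              f"top-3 share {top_source_share(recs, 3):.2f}, "
              f"block worthwhile: {blocking_worthwhile(recs, n=3)}")
```

Run it against a real log with `parse_connections(open("/var/log/mail.log").read())`; the `min_share` threshold is a judgement call, but if the top ten sources carry less than half the traffic, as in the distributed case, time is better spent on filter tuning than on firewall rules.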

This was a clear reminder of how nasty viruses can be. They can wipe out whole networks in one sweep. And they can tax bandwidth to the extreme, so that routers become overloaded and crash as well. As with the "Here you have" virus, email servers crashed at major companies and had to be shut down due to the sheer volume of overload.

This was also a reminder of how important taking steps to prevent viruses is. The time it takes a virus to infect hundreds or even thousands of computers can be less than a minute. But the time it takes to clean up the viruses can be hours upon hours, not to mention the high cost of downtime as well.

Keeping antivirus software up to date is key (especially if you are running Windows). However, what can be frustrating is that some antivirus software fails to detect viruses, and some claim zero-day protection but fail to deliver it. There is a wide variety of antivirus programs for Windows available today. But what has surprised me is that top names like Symantec and McAfee have failed to detect viruses, and computers still get infected. For the past 3 months, I have seen versions of the "Antivirus Soft" virus continually infect corporate PCs that run Symantec Endpoint Protection 11, whereas less common names like Kaspersky catch it. So even top-name and expensive antivirus software may or may not keep you completely safe.

One popular product that I really like is ClamAV, which I use on Linux servers and which works very well. For a free product, it really can't be beat. There is a Windows version as well. I also use Linux solely on the desktop for myself and immediate family, so we were able to rest assured that we didn't have to worry about the "Here you have" virus. Reports were released saying it had a keylogger, which is probably one of the scariest things a virus can do, in my opinion. There is no limit on what it can log, especially your personal information and usernames/passwords, which can be easily obtained this way.


Talkback

That's the general risk with all virus scanners, though: some pick up, some don't, even if you are running two or more, and then anti-malware applications; there's no guarantee, so you end up adopting a layering method of practice.

Suppose it's really going to come down to how much CPU you have to spare.
CA 13 September, 2010 21:42