Conficker vs. Library: The Rest of the Story

Well, here’s how the story of picking up Conficker at the library played out:

Yes, thank you so much! Everything you said was true. Apparently someone’s USB drive was infected and infected many computers here. We are very appreciative of your technological detective work. The head of IT was very incredulous because everything is deep frozen after it is shut down. But it was all true and I am very grateful.

The part about “many computers here” seems worrisome; they’re apparently not running any defensive software at all.

‘Nuff said…


  1. #1 by Brent Crosby on 2013-03-04 - 10:20

    They are probably running Deep Freeze:

    http://www.faronics.com/products/deep-freeze/

    Every time the PC boots, it restores a given image of the OS. The IT guy sets up one machine exactly how he wants it, takes a snapshot, then enables Deep Freeze. At every boot, Deep Freeze recalls the snapshot.

    They should certainly be running anti-virus (my favorite is nod32) in the image though.

    I suppose it is possible that a virus could be installing itself “under” Deep Freeze and therefore bypassing the reset.

    • #2 by Ed on 2013-03-04 - 10:56

      a virus could be installing itself “under” Deep Freeze

      Or they started with a compromised PC and froze Conficker into the image file… [wince]

  2. #3 by Red County Pete on 2013-03-04 - 17:17

    I (briefly) thought of using one of the library’s desktop machines to get part of the Slackware distribution I’m getting to help with the 160MB/hour limit on the wireless link, but I’m nervous about the desktop security. I should ask; my minister is one of the librarians there, and he knows computers, but he doesn’t have control over the software they use. Oh well, maybe 1.5GB left to go. [sigh]. (Might have to see about skipping the international languages–that’s 600M right there. I barely speak German, much less Bulgarian, and have no desire to compute in any language beyond English, C and Perl. [grin])

    The deep freeze setup sounds like a good way to spread casual infections during the day whilst having a “clean” machine at night, under the best of circumstances. Now, it sounds like Typhoid Mary’s PC.

    • #4 by Ed on 2013-03-04 - 19:17

      nervous about the desktop security

      Huh. Can’t imagine why. [grin]

      You can verify the ISO file checksums to be sure that the images match the sources; I very much doubt an infestation could compromise a file and make all the checksums come out right. Of course, you should be doing that anyway, although you’d quickly wear out your welcome if you had to download each ISO more than once…

      • #5 by Red County Pete on 2013-03-04 - 20:38

        I’m getting the distro from kernel.org (file by file ftp), and it’s up to me to make an ISO image. Slack was kind enough to do an MD5 checksum list, so once I have the files together, I’ll run md5sum. My P2 is slow and cramped, so I’ll probably get the Vaio ready with a temporary install of RedHat 7(!) and load the files. Then I can check the files and get ready in one swell foop. It can’t write DVDs, but Windows 7 says it can to a bootable disk. I don’t need a bootable, I think, but it would be nice to have one.

        The library discourages use of torrents and the bandwidth is limited, but otherwise, if you want to download 24/7, the ISP doesn’t mind.
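The checksum verification Ed and Pete discuss above, as an added example that is not part of the post or its comments: a small constructed set of files is checked against a Slackware-style MD5 list with `md5sum -c`, and one file is then altered to show that the list flags it. The file names, contents and temp directory are made up for the demonstration; the one caveat that matters in practice is that the checksum list has to come from the distribution’s own site, not from the same possibly-compromised machine that produced the files.

```shell
#!/bin/sh
# Added example, not from the original post: verify downloaded files
# against an MD5 checksum list the way a distribution's CHECKSUMS.md5
# is used, and confirm that an altered file is reported as FAILED.
# Everything below is constructed in a temporary directory.

# make_mirror: build a tiny stand-in for a download directory with two
# files and a CHECKSUMS.md5 in the "<hash>  <name>" format md5sum emits.
# Prints the directory path so callers can use it.
make_mirror() {
    dir=$(mktemp -d)
    printf 'kernel bits\n'   > "$dir/a.txt"
    printf 'packages bits\n' > "$dir/b.txt"
    (cd "$dir" && md5sum a.txt b.txt > CHECKSUMS.md5)
    echo "$dir"
}

# verify_dir DIR: check every entry in DIR/CHECKSUMS.md5.
# Exit status 0 when all files match; non-zero if any is missing or altered.
verify_dir() {
    (cd "$1" && md5sum -c CHECKSUMS.md5 >/dev/null 2>&1)
}

# count_failures DIR: number of entries md5sum reports as FAILED
# (0 for a clean download). grep -c exits 1 on zero matches, so the
# count is still printed and the exit status is masked with "|| true".
count_failures() {
    (cd "$1" && md5sum -c CHECKSUMS.md5 2>/dev/null | grep -c 'FAILED' || true)
}

# tamper_file PATH: append a byte so the file no longer matches its hash,
# standing in for a download that was modified on a compromised machine.
tamper_file() {
    printf 'x' >> "$1"
}

# Stand-alone demonstration: clean set passes, altered set fails.
if [ "${DEMO:-1}" = "1" ]; then
    d=$(make_mirror)
    verify_dir "$d" && echo "clean set: all checksums match"
    tamper_file "$d/b.txt"
    verify_dir "$d" || echo "after tampering: $(count_failures "$d") file(s) FAILED"
    rm -rf "$d"
fi
```

`md5sum -c` reads each `hash  filename` line, recomputes the hash and prints `OK` or `FAILED` per file, so the same command works on a real CHECKSUMS.md5 fetched from the distribution’s site. MD5 is fine for catching a truncated or accidentally altered download; for an attacker who can rewrite both the file and the list, only a signed list (or hashes fetched over a separate trusted channel) helps.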