Stupid user tricks: IT admin follies
- — 17 June, 2008 09:05
For those of us who make our living behind a keyboard in IT, it's hard to imagine a more time-tested vulnerability than the end-user. Armed with network access, these IT viruses wreak havoc nearly everywhere you look -- havoc borne of tech idiocy.
Of course, not all computer users live to cause mayhem, sowing the seeds of destruction in our metaverse, merely by clicking every last Storm worm variant that appears in their inboxes. In fact, sometimes the worst offences spring from our own ranks, hatched by individuals whose stated mission is to help technology work better: the IT admin.
For the most part, we IT folks toil away unsung in often miserable conditions just to make workplaces more efficient, secure, and supportive of end-user needs. But then, a few of us -- well, we can be caught doing some really dumb things.
So having kicked the user to the brain-dead curb in "Stupid user tricks: Eleven IT horror stories" and "More stupider user tricks: IT horror stories redux," it's only fair that we turn the spotlight inward to expose a few legendary IT brain farts committed by those who are paid to know better.
Preconfiguring PCs with stone-age malware
Incident: Toward the end of 2006, several high-profile consumer electronics companies -- both makers and retailers -- ended up with egg on their faces when reports surfaced that they were shipping to consumers devices infected with malware. Apple's Video iPod and several models of digital photo frames were found to be infecting the computers of unsuspecting users the first time they were plugged in. The risk associated with those infections was significant. In the end, however, the damage was limited.
A year later, though, that wasn't the case. In September 2007, German computer maker Medion announced that as many as 100,000 laptop computers sold through Aldi superstores in Germany and Denmark came preinstalled with Windows Vista, the Bullguard anti-virus program -- and a virus.
For further adventures in malware, check out "Stupid hacker tricks: The folly of youth"
The case could have been devastating for the privacy or information security of anyone who bought one of the laptops. Modern malware, highly adept at stealing information such as bank account log-ins or credit card numbers, poses a real risk to consumers and companies alike.
Only, it wasn't, because the virus, Stoned.Angelina, dates back to 1994, a full year prior to the launch of Windows 95, let alone the advent of widespread Internet access or online commerce.
Thankfully, Stoned.Angelina isn't a particularly dangerous virus, at least not to anything more recent than DOS. It's a boot-sector virus that replicates itself by copying itself to floppy disks. Remember those? The Medion laptops didn't even have floppy drives.
Medion never said exactly how this historic malware relic ended up in the default image on so many laptops. In the case of the iPod and photo-frame infections, the malware came from an infected machine in the factory in China that assembled the final products and installed the software onto the devices' internal storage.
When you consider just how difficult it must be to load Stoned.Angelina onto a modern computer, you get a sense at how boneheaded the IT guy would need to be in order to infect a drive image used in tens of thousands of hard drives.
Fallout: With no way to spread and no effect whatsoever on Windows Vista, Stoned.Angelina took its toll mainly on Medion, making the company a laughingstock. The punch line: Even though the machine came preloaded with an anti-virus app, the anti-virus engine couldn't clean the system. Bullguard later released a repair program that cleaned out the boot sector, just in case you, someday, somehow, found a floppy drive that worked with the laptop and inserted a disk.
Moral: One, don't let the guy running an old copy of DOS on his computer build your drive images. And two, if you're going to deliberately infect thousands of computers, pick malware that's actually going to do something.