Michael Petrov
Co-Founder, CEO
7/6/2012
IT complacency.

Digital Edge does not focus on this area of IT; however, when people ask what the difference is between regular IT companies and Digital Edge, I find the best way to describe it is this analogy: normal companies support, maintain and fix regular cars; Digital Edge supports, maintains and fixes the Ferraris and Lamborghinis of the IT world. In practice Digital Edge deals with the most complex problems in IT, for example very large, high-capacity, high-performance servers and storage, and enterprise-class networks with a high degree of fault tolerance and security.

Even though we deal with servers, today's blog is about desktops and "local" IT problems and the headaches that come with them. As a warning to the "local" IT groups that support users' desktops: the DNSChanger Trojan is still a problem for many companies.

This Trojan comes bundled with a rootkit, which makes a clean-up very hard to get right; it is always better to reinstall affected desktops.

A rootkit is a type of infection that gets installed through an OS vulnerability and does everything it can to hide itself from antivirus software and from the eyes of the system administrator. We have dealt with rootkits in the past for one of our clients and saw how well one can hide. It completely took over the OS file system functionality and made sure that you could not see it using ANY program or tool that goes through the OS I/O functions (anything built on the standard I/O library). To really see it and kill it we had to write a custom program that read the disk directly. The stealth virus was hiding specific file names and extensions from tools like DIR or Explorer as well as from the antivirus, and the rootkit was also specifically attacking McAfee antivirus. The virus implanted itself in the OS so that it could no longer be separated from the OS. We spent hours fixing the server.


I could write a book about my personal experience of fighting viruses, starting with writing my own multiplication and propagation mechanisms and stingers for specific viruses in the DOS and Windows 3.11 era and finishing with today's stealth technologies, injections and IP stack vulnerabilities; but today's subject is DNSChanger.

There are still more than 300 thousand infected desktops running in the corporate world, and some security organizations report that close to 12% of Fortune 500 companies are infected.

We all have problems and we can all get caught by bad circumstances or by user or sysadmin mistakes, but running infected systems for months is beyond me. A good system administrator should sense that "something is wrong" with a desktop or a server. In Digital Edge's case I cannot even say what this sense is; but every system administrator should know that there is no smoke without fire. So if something is suspicious, dig until you find the problem. There is a scientific explanation for everything. There are no shamans in the computer world; computers are scientific objects.

So, to the attention of all system administrators: please make sure you are not infected by DNSChanger. To check whether a desktop is infected, visit this site: http://www.dns-ok.us/ Keep in mind that the web check only tells you whether the resolver the browser is using at that moment is a known rogue one; the Trojan works by rewriting the DNS server addresses configured on the network adapter (and sometimes on the small-office router), so also compare the addresses shown by ipconfig /all on each desktop against the published rogue ranges.
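As an added example (not the author's tooling and not from the original post), the local side of that check: parse the resolver addresses out of `ipconfig /all` output and match each one against the DNSChanger rogue ranges. The ranges in the list are reproduced from the public advisories of the time as an assumption and should be confirmed against a current advisory; the `ipconfig` text in the block is a constructed sample, not a real capture. On Windows the script runs the real `ipconfig /all`; elsewhere it demonstrates on the sample.

```python
import ipaddress
import re
import subprocess
import sys

# Rogue resolver ranges attributed to DNSChanger in the public advisories of
# 2011-2012.  Listed from memory as an assumption: confirm them against a
# current advisory before relying on this list.
DNSCHANGER_ROGUE_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# Constructed sample of `ipconfig /all` output (not a real capture).  The first
# adapter has been pointed at a resolver inside a rogue range; the second is clean.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS-0412

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 10.20.30.41
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.30.1
   DNS Servers . . . . . . . . . . . : 85.255.112.36
                                       10.20.30.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : fe80::1%12
                                       10.20.30.5
"""

_DNS_FIELD = re.compile(r"DNS Servers[ .]*:\s*(\S*)")


def parse_ipconfig_dns(text):
    """Return (adapter, address) pairs for every DNS server in ipconfig output.

    ipconfig prints the first resolver on the "DNS Servers" line and any
    further resolvers on indented continuation lines that carry no " : "
    field separator, so we keep collecting until a separator line appears.
    """
    found = []
    adapter = None
    collecting = False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter = line.strip().rstrip(":")   # "Ethernet adapter ...:" header
            collecting = False
            continue
        m = _DNS_FIELD.search(line)
        if m:
            collecting = True
            if m.group(1):
                found.append((adapter, m.group(1)))
            continue
        if collecting:
            value = line.strip()
            if value and " : " not in line:
                found.append((adapter, value))
                continue
            collecting = False
    return found


def rogue_range_for(address):
    """Return the rogue network containing `address` as a string, or None."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:            # not an address (or scoped IPv6 on old Pythons)
        return None
    for net in DNSCHANGER_ROGUE_RANGES:
        if ip in net:             # an IPv6 address is never "in" an IPv4 network
            return str(net)
    return None


def find_rogue_resolvers(ipconfig_text):
    """Return (adapter, address, rogue_network) for every suspicious resolver."""
    hits = []
    for adapter, addr in parse_ipconfig_dns(ipconfig_text):
        net = rogue_range_for(addr)
        if net:
            hits.append((adapter, addr, net))
    return hits


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True,
                              text=True, check=False).stdout
    else:
        text = SAMPLE_IPCONFIG    # off Windows, demonstrate on the sample
    hits = find_rogue_resolvers(text)
    for adapter, addr, net in hits:
        print(f"SUSPECT: {adapter}: resolver {addr} is inside rogue range {net}")
    if not hits:
        print("No configured resolver falls inside a known DNSChanger range.")
```

A hit on a desktop means the adapter settings were changed by something other than your DHCP server or your build; that is the "smoke" to dig into, and the answer for that machine is a reinstall rather than just putting the right resolvers back.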

If it is, reinstall it. If you want to have some fun, you can play with rootkit tools such as Kaspersky Lab's rootkit removal tool TDSSKiller. This brings me back to the days when I had the honor of meeting Eugene Kaspersky back in 1980 in St. Petersburg. He was the first virus researcher in Russia at that time.
