Reg HPC man relives 0-day rootkit GROUNDHOG DAY

Okay, campers, rise and shine, and don't forget your booties...

Rebuilding my tattered life

The next steps were straightforward, albeit hugely tedious. The first was to call Big Security Company, cancel my security subscription, and get a refund for my initial payment. Then began the process of going to my backups, putting an image on a clean hard drive, then testing to see if this new image had the same virus as the old one.

The virus’s erratic behaviour – sometimes starting right up with the inane audio, other times waiting for as long as an hour or two before tormenting me – made a long job longer. Couple that with not being able to pin down exactly when the virus first emerged, and you end up with a long and tedious job.

Fortunately, I have firm backup procedures in place. Every key system is backed up incrementally daily, with a clean image saved weekly. All of these backups are stored for 60 days just in case of, well... this.

It took what seemed like forever to find an image that didn’t have the virus on it. I ended up going back several weeks, which made quite a bit of work and raw materials (video, notes, etc) disappear. Those files had to be brought in individually and tested, just in case one of them was the virus carrier. That process accounted for another long period of time... sigh.
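The search described above, walking back through dated images until one tests clean, gets expensive when every test means restoring an image and then waiting an hour or two for the malware to show itself. Because an infection that is present in one image is present in every newer one, the question "is this image clean?" is monotonic over the retention window, and a binary search over the snapshot dates finds the newest clean image in about log2(N) tests instead of walking back one day at a time. The following is an added example, not the column's own tooling: the snapshot dates, the 60-day retention window and the `is_infected` predicate are constructed stand-ins for a real restore-and-observe test.

```python
from datetime import date, timedelta
from typing import Callable, List, Optional, Tuple


def snapshot_dates(latest: date, retention_days: int) -> List[date]:
    """Dates of the daily snapshots held in the retention window, oldest first."""
    return [latest - timedelta(days=d) for d in range(retention_days - 1, -1, -1)]


def last_clean_snapshot(
    snaps: List[date], is_infected: Callable[[date], bool]
) -> Tuple[Optional[date], int]:
    """Binary-search for the newest snapshot that tests clean.

    Assumes the infection is monotonic: once a snapshot is infected, every
    newer snapshot is infected too. Each call to is_infected stands for one
    restore-and-observe cycle, so the number of calls is what we minimise.
    Returns (date of newest clean snapshot or None, number of tests run).
    """
    lo, hi = 0, len(snaps) - 1
    best: Optional[int] = None
    tests = 0
    # Invariant: everything before lo tested clean, everything after hi tested infected.
    while lo <= hi:
        mid = (lo + hi) // 2
        tests += 1
        if is_infected(snaps[mid]):
            hi = mid - 1
        else:
            best = mid
            lo = mid + 1
    # At exit, snaps[best] was tested clean and snaps[best + 1] (if any) was tested
    # infected, so the boundary itself has been verified, not inferred.
    return (snaps[best] if best is not None else None), tests


def last_clean_linear(
    snaps: List[date], is_infected: Callable[[date], bool]
) -> Tuple[Optional[date], int]:
    """The newest-first walk the column describes, for comparison of test counts."""
    tests = 0
    for snap in reversed(snaps):
        tests += 1
        if not is_infected(snap):
            return snap, tests
    return None, tests


# Constructed scenario: 60 daily snapshots, infection first present on 10 Nov 2013.
LATEST = date(2013, 12, 2)
RETENTION_DAYS = 60
FIRST_INFECTED = date(2013, 11, 10)  # hypothetical, for the example only


def simulated_infected(snap: date) -> bool:
    """Stand-in for restoring the image and watching for the symptom."""
    return snap >= FIRST_INFECTED


if __name__ == "__main__":
    snaps = snapshot_dates(LATEST, RETENTION_DAYS)
    clean, n_bisect = last_clean_snapshot(snaps, simulated_infected)
    _, n_linear = last_clean_linear(snaps, simulated_infected)
    print(f"newest clean image: {clean}")
    print(f"bisection tests: {n_bisect}, linear walk tests: {n_linear}")
```

The monotonicity assumption is the caveat to keep in mind: the column notes the symptom sometimes took an hour or two to appear, so a test that declares an image clean too early breaks the invariant and bisection can settle on an infected image. Give each test the full observation window, and treat a "clean" result on the chosen image as something to confirm, not a proof.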

Targeted or unlucky? Plus lessons learned

I kept wondering how it happened and how I could prevent it in the future. Since this was a new virus, according to Big Security Company, why were my well-protected computers the first to get hit?

Did the Trilateral Commission finally decide to even the score with me? Or the Yakuza? Russian mobsters? Or someone who was just looking to mess with me? It could have been all of the above, or maybe it was just my time to be a zero-day guy. I do have some slight grounds to suspect that I was targeted and if I find out more, I’ll let you know.

What did this experience teach me? To be more fearful than ever. I still don’t have any idea what I was infected with, how I picked it up, or how to prevent it in the future. According to the third-line tech Jedi at Big Security Company, this is the world we live in today. Our cyber safety is under constant attack, and the bad guys have the first-mover advantage.

The most valuable lesson? It pays to back up, and an investment in fast and solid NAS boxes (shout out “Thank you, Synology!”) is worth every penny. My terabytes of backups saved the day and got me back in business. Without them, I’d be looking at clean installs of everything and then a file-by-file inspection and test of all of my stored data. Yikes.

I don’t want to think about how long this process would have taken if I were trying to do this number of restores via the cloud. I have a fairly fast pipe into the home office; it typically tests out at 20Mbit per second. But when you’re talking about full-sized images of around 150GB, it would take anywhere from 15 to 18 hours to complete a single download. My local NAS was able to copy these images over in half an hour or so.

Now that I’m back, it’s time to start dealing with the backlog. I have plenty to tell including some interesting and compelling experiences at the SC13 supercomputing conference, stories on my trip to the second annual South Africa Student Competition, info on the upcoming ISC’14 Cluster Challenge, and the usual HPC industry happenings. Stay tuned. ®
