We were quiet for a long time, here’s why: Virus Attack!

Our internal computers and network came under a malware attack by the FL_Setup virus. We are not sure how it got onto the network, and only quick action kept us from further damage. The attack was very professionally done. Research later showed that FL_Setup is adware: it is designed to take over the browser and fill it with one advertisement after another.

What Happened?

In the browser we noticed messages claiming that the Flash drivers were out of date. The messages appeared at random for two days. When a window finally opened to start the "driver update", the user clicked OK. The user was logged in with an Administrator account at the time, because they were doing some server maintenance. This may have made the problem worse, as the account they were using had complete system access.

I walked over to the computer because the "update" seemed to be taking too long. The "update" could not be interrupted; Ctrl-Alt-Del did nothing. I pulled the power cable from the back of the machine to stop it completely, removed the network cable as well, and rebooted the computer.

Once the reboot was complete I sorted the directory structure of the machine by date. I found three files that had just been downloaded. I deleted those files and searched all the attached drives. No other files could be identified as just downloaded by the time stamps. I even searched for hidden system files with recent time stamps, none were found.

I used other computers to do the same file checking on the network drives and all of our other computers. Since the machine attacked was connected to our network, I wanted to make sure the virus had not spread to other machines.

On the machine being attacked, once I was satisfied that I had gotten all the newly downloaded files, I rebooted it.

That’s When the Trouble Started.

Most if not all computers have a little-known BIOS (Basic Input Output System) password option. The BIOS chips live directly on the computer's motherboard. When I rebooted, a screen came up requesting the master BIOS password. There is no supported way around a BIOS password. If you do not know it, the firmware stops right there and the operating system will not even start to load.

This means that nothing can be done to recover the system from the keyboard; short of clearing the settings the firmware has stored, there is no way to remove a BIOS password. There is a small CMOS (Complementary Metal-Oxide-Semiconductor) battery that maintains your system settings while the power is off. In a desperate attempt I opened the system up, removed the CMOS battery, and left the contacts on the board shorted for three days.

In the old days of personal computers this would have wiped out the custom BIOS settings (including the password) and allowed it to boot up. Not so with today's computers: many current boards keep the password in non-volatile flash or a separate EEPROM rather than in battery-backed CMOS RAM, so pulling the battery does not clear it. (Some desktop boards do have a dedicated CMOS-clear jumper; it is worth checking the board manual for one before going further.) I replaced the battery with a new one, model CR2032. This battery is available at most drug stores and has a life expectancy of three or more years.

When I booted the computer up it returned to the master BIOS password screen. The BIOS password survived! Now what? Because I could not get past the password prompt, I could not even reflash the chips with an entirely new BIOS image. I was stuck.

All I could do was send the motherboard out to have a brand new BIOS chip installed. This requires a microscope soldering station, as the precision and tolerances on today's motherboards are critical. (A repair shop can also reprogram the existing flash chip in place with an external SPI programmer and a test clip, which avoids the desoldering; either way the board leaves your hands.)

It has taken over a month to get the board back, installed and tested. We are now operating at full strength.

What does this mean for our customers?

Rest assured that your data was never at risk. We do not store your information locally. Our site and all of its data lives in the “cloud”. All orders have been processed without interruption.

As a precaution I took down our internal network and internet access for about a day. A secondary off-site location was used to process orders while we worked with our provider to confirm that what happened on our network had not gotten into our cloud site.

None of your payment information is ever stored anywhere on our site. It is passed directly to our banking partner over an SSL (Secure Sockets Layer, today's TLS) encrypted connection. We do not even allow our representatives to take phone orders, to avoid any possibility that your information might be compromised.

Our commitment:

We have processed, and continue to process, test orders to watch every nuance of the order process and ensure it is secure, accurate and timely.

We are constantly updating our software to the latest revisions and watch our systems carefully. Any abnormalities are immediately brought to everyone’s attention.

We take this commitment very seriously and periodically carry out full audits of many of our transactions.