 |
 |
|||||
 |
 |
 |
 |
  |
||
 |
 |
 |
 |
 |
 |
 |
 |
 |
    |
A Balkan mystery
By Kevin McKeough
published in the February 26, 2007 issue of Crain's Chicago Business
http://chicagobusiness.com/cgi-bin/mag/article.pl?article_id=27340
A slow-running network was the only sign that anything was wrong at a Chicago-area financial company. But when the company looked into the problem, it discovered something unnerving: Its computers had been infected with a "controlbot" software program that was secretly searching for spreadsheet files containing dollar signs and sending them via the Internet to a "botnet" operator in the Balkans.
|
"They had balance sheets, payroll information and some top customer information," says Steven Kent, chief technology officer for Chicago-based onShore Networks LLC, which the financial company hired in 2004 to fix the problem. Mr. Kent's team determined that the virus originally infected the personal laptop of the company's chief accountant, who had brought it from home and plugged it into the company's network. The bug infected more than 60 desktop computers. It took Mr. Kent and his team days to re-format the drives on each computer and block the botnet operator's access to the network. Botnet operators are one of the biggest threats to company databases these days, Mr. Kent says. They try to extort money from companies by threatening to distribute the stolen information or to use the machines under their control to launch a large-scale computer attack. |
|
The problem could have been prevented by having stronger filters on outgoing traffic, instituting stricter policies against connecting outside devices to the network and installing intrusion detection systems, Mr. Kent says. "Companies gamble that a security breach will cost less than the ongoing costs of proper security monitoring. Frequently, they lose this wager."