[K12OSN] Boys and Girls Club Horror

R. Scott Belford scott at hosef.org
Thu Jul 8 02:12:37 UTC 2004


Wonder where all that spam is coming from?  We, like the rest of you, 
set up and maintain thin-client labs.  We have recently donated and are 
maintaining a thin-client lab for the teen center at the Ewa Beach Boys 
and Girls Club of Hawaii.  Furthermore, we have given the custodian and 
a manager, previously without computers, each a Mandrake box.

It is astounding, as you can all imagine, to see people effortlessly 
navigate a "strange" GUI to get so much done.  One lady using a Mandrake 
box has never asked for help and makes spreadsheets, schedules, 
documents, etc.  She never saw Linux before.  We all know these success 
stories, and the BGCH project is no exception.

Here is the Horror.  There is a previously donated Windows lab 
downstairs.  I have already replaced one hosed box with Mandrake.  These 
computers are so infected with viruses, worms, and trojans that they may 
be attacking *you*.  Windows Update no longer runs, and it is almost 
impossible to browse with IE without redirect and pop-up Hades.

The lab is under contract to the company of one of the members of the BOD, 
so I can't take it over.  Ironically, it was initially a gift from the 
Case Foundation.  I will, however, be putting Mandrake on a computer 
that had the following goodies in its taskbar:


CTFMON.exe
http://securityresponse.symantec.com/avcenter/venc/data/spyware.familykeylog.html

FF.EXE
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.rirc.html

WSup.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html

WToolsA.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html

msbb.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.ncase.html

wupdater.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html

CMESys.exe
http://securityresponse.symantec.com/avcenter/venc/data/dialer.iedisco.html

WKufind.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html

VPTray.exe
proof that Norton is uninstalled

mspmspsv.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html

WToolsS.exe
http://securityresponse.symantec.com/avcenter/venc/data/adware.huntbar.html

regsvc.exe
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.cloner.html

lsass.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

csrss.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html

smss.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



I will further document this in a case study, but if any of you need 
testimony to the damage just one infected Windows computer can cause, 
look at this one.

--scott

-- 
R. Scott Belford
Founder/PR Director
The Hawaii Open Source Education Foundation
PO Box 392
Kailua, HI 96734
scott at hosef.org
808.689.6518




