OUTSTANDING! -Alex
-----Original Message----- From: Kat Aylward [mailto:messagel...@gmail.com] Sent: Friday, September 10, 2010 1:40 PM To: MS-Exchange Admin Issues Subject: Re: Possible Email Virus Little story... I was new at a Silicon Valley startup... I'd been there maybe 5 months as the Exchange Admin and had managed to stay under the radar for most people. I also had knee surgery about 6 weeks prior. That Friday morning, I was at home (about 8:30-9:00am) and my MOM called me to say "honey, I just heard about this virus..." as my work cellphone was ringing. "Gotta go, mom..." and I picked up a frantic call from my boss. He says all hell has broken out and I tell him to shut down the exchange servers... so he pushes the power button on all 3!! ACK!!! After I swallow the vicious comment I was about to make, I headed into the office with a parka, gloves, warm socks and long pants (remember this was May in California and it's normally warm if you dont have to live in the datacenter). After 36 hours of restoring a full standard 16 gb database and catnaps under conference room tables, I finally got to go home having fully restored, upgraded and repaired the crashed DB. Mailboxes were cleaned out and users were "educated" with my LART! Fast forward to the following Friday... my Jr. Admin all of the sudden freaks out and says "It's happening again!" which puts me into full out "BIATCH mode". I hobble to one end of the building, shouting "If you receive an email from UserX and UserY, DO NOT OPEN IT, I repeat DO NOT OPEN IT!!!! and then hobbled to the other end, repeating this "bellowed refrain" upstairs and down.... After I got back to my desk and got my breath back, I headed to the datacenter on our floor. My boss had shut things down properly this time, and his boss and he were standing there waiting for me... with my boss's Army Ranger parka in hand because I had taken all my warm stuff home after the last weekend. I composed myself as best as I could (see prior BIATCH mode statement) and I told them I needed to talk to the company at the meeting that was starting in 10 minutes downstairs. They got me to promise I wasn't going to kill anyone and checked me for my LART, then gave permission for me to leave the DC.... I headed down to the Company-wide meeting in the cafeteria, hobbled over to the President and said "I need 5 minutes of this meeting". He looked at me and said... "of course".... and stepped clear. As I am heading to the front of the room, I am seeing all of these 20-somethings looking at me like I have horns, and they are trying to figure out who I am, Ranger parka and all. I am someone of a slightly older generation, shall we say, and I as I was headed up, I kept trying to think of a way not to look like a ranting and raving Lunatic. As I am composing myself, I see UserX and User Y skulk across the back of the room, trying to stay out of my line of sight..... I took a breath and thought about how I would talk to my young adult son (then about 20 himself). So here is what I said: Hello, you might not know me but my name is Kat and I manage the email system here. (you could hear the silent intake of whooshed breath at that) I continued: Practicing Safe Email is like practicing Safe Sex: 1. Always know who you are doing it with... 2. Always use protection... 3. and if you don't think you should be doing it, you probably shouldn't!!! And with that I proceeded to hobble back out to the DC, watching their slackened jaws hit the floor in shock and disbelief at what I had just said... but they were still talking about it 7 months later when at the Company Holiday party I was asked where my Ranger Parka was!!!! Still one of my crowning glories in corporate history there!! On Fri, Sep 10, 2010 at 11:07 AM, Maglinger, Paul <pmaglin...@scvl.com> wrote: > I remember that day too. Got it mostly cleaned up and a @#%!$ user opened > it up a second time! Grrr. Learned a lot from that little lesson. > > > > From: Don Ely [mailto:don....@gmail.com] > Sent: Friday, September 10, 2010 12:57 PM > > To: MS-Exchange Admin Issues > Subject: Re: Possible Email Virus > > > > I still remember that day very well... Lot's of queue cleaning that day... > > On Fri, Sep 10, 2010 at 10:55 AM, Don Andrews <don.andr...@safeway.com> > wrote: > > Haw - first time I experienced that was when the I Love You virus came out. > > > > ________________________________ > > From: Brown, Larry [mailto:lc.br...@dplinc.com] > Sent: Friday, September 10, 2010 9:23 AM > > To: MS-Exchange Admin Issues > Subject: RE: Possible Email Virus > > > > That wasn't our experience. Our users do NOT have local admin rights.but > the virus ran anyway. > > > > Of course.this may depend on OS. We are still running XP. > > > > Within 10 minutes of the appearance on our network we had the website > blocked.and then started getting calls to the Help Desk complaining about > the link being blocked. Sheesh. > > > > Larry > > > > From: Don Ely [mailto:don....@gmail.com] > Sent: Friday, September 10, 2010 12:17 PM > To: MS-Exchange Admin Issues > Subject: Re: Possible Email Virus > > > > One thing we noticed is that if a user was not running with admin rights, > the virus couldn't run... > > On Fri, Sep 10, 2010 at 8:41 AM, Don Andrews <don.andr...@safeway.com> > wrote: > > Appears that we had less than 100 copies come in and our AS caught and > dropped every one of them >:-) > > > > ________________________________ > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] > Sent: Friday, September 10, 2010 2:53 AM > > To: MS-Exchange Admin Issues > > Subject: RE: Possible Email Virus > > > > Mitigated, as best as I can tell, by having users run without elevated > permissions. > > > > > > > > John Hornbuckle > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us > > > > > > On Thu, Sep 9, 2010 at 3:37 PM, Kleciak, Clint D A7IT > <clint.klec...@cigna.com> wrote: > > Reports of an email virus hitting some companies today. It has a link to a > .scr file that looks like a PDF link. When users click it, it begins sending > emails using the GAL or contacts. Not sure of the origin at this point but > wanted to send a heads up. The email subject is "Here you have". > > > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > > > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist -- Kat Aylward --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist