Notes of an IS Manager:

The biggest problems come from a lack of IS/IT/MIS readiness in general. This type of virus will hit the hardest for those shops that are always reactive and never proactive in there prevention methods. I must admit that even my shop fell victim to this and I usually pride my self with being very proactive, but to be honest this whole incident just caught us with our pants down. For my shop this incident has actually been more of a pain in the rear than a disaster. We had a few users that opened the virus and were able to replicated it out on our network before we could pull the plug, but all they effected were .jpg files which we are replacing fom backups. Which brings up an excellent point, GOOD BACKUPS CAN REALLY SAVE YOUR COMPANY WHEN YOU LEAST EXPECT IT. Invest in a good backup solution because one bad day with out backups can ruin a company that lives in the information age.

As far as our E-mail Server goes we actually only had it down for about 12 minutes while we had Scan Mail purge all of the Exchange mail boxes that contained a copy of the virus. We just happened to have our update run 10 minutes before we had the first apperance of the virus and the Scan Mail update for I_LOVE_YOU was not yet out until 20 minutes after the first apperance.

I think one of our biggest problem was relying on third party software to do most of our security checks for us. When we should have been implementing a few proceedures that would have prevented this from replicating in the fashion that it did, but live and learn. This incident didn't cause us any major problems but it did allow us to develop a strategy to prevent this type of incident from giving us headaches in the future.

William M. Daugherty

Information Systems Manager

First International Computer of Texas Inc.

wdaugherty (at) fictx (dot) com [email concealed]

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/27/1649#1649