I work as a desktop support tech for the HelpDesk at the state university that I attend in New Jersey. The school uses and provides Sophos anti-virus to all school owned computers and any students that want it.
Yesterday I was re-imaging an IBM when I noticed the resident Mac Guru looking perplexed at a PowerBook that had just been brought in by an instructor. Once the instructor had left I walked over and asked what was up. Brian told me that the PowerBook had a virus. I had assumed he meant that the instructor had heard stories of loose malware over the weekend and had brought his computer in as a panic move, but Brian said no, he has a virus. When he opened any office application the app quit as soon as it had opened, and a dialogue box appeared that said something like "this computer is infected with Inqtana-b. Please contact your system administrator". In Word it stated that the Libraries had been lost or moved. We got this error if we tried to reinstall Office as well.
This was upsetting.
We found that we received the same error with Acrobat, GarageBand, and Safari (linked only with the Acrobat Reader plug-in). Normally with Windows we boot from a utility CD and run a scan on the system that way, but we have no such utility for OS X. So Brian got his PowerBook intending to boot the infected computer in Target Disk Mode and manually scan it with Sophos on his computer. But when he started his computer he opened Word to check, and his was infected as well. We checked every Mac in our office and every single one was infected. Brian looked like someone stole his Christmas presents.
About this time we were notified from Phone Support that we were getting calls from Mac users all over campus that their machines were infected. Some refused to tell us they were infected; they would only say they could not open apps. They must have been ashamed like it was an STD or something. Brian called our Systems and Security Group, who was on the phone with Sophos pretty quick. While they were doing this, we had gone to the Sophos site and they had an IDE file for Inqtana-b. We downloaded that and proceeded to run scans on the infected computers in our office. The interesting part of this was that this malware was supposed to pose "close to zero threat" and be transmitted via Bluetooth. We were finding it on computers that did not have Bluetooth. One computer had found over 1500 infected files.
Are you ready for this?
We received a call back from SSG, who had been talking with Sophos. Apparently there was a problem with the IDE files that Sophos had updated earlier that morning. These incorrect IDE files were falsely identifying perfectly fine files as being infected. In doing so it had crippled many applications on the computers. The best part was that as we had been manually running scans on the computers in our office, Sophos had been deleting files on these computers. The only problem we seemed to have was that any computers with Office 2004 had to have Office reinstalled.
In the end all we had to do was to update Sophos and restart the computers and all was fine. But what a crappy morning.
Sam