SAN FRANCISCO — While it may not be a security pro’s worst nightmare, it certainly wouldn’t be considered a pleasant dream. In 2009, David Compton, system administrator for Aspire of Western New York, a non-profit that serves people with developmental disabilities at over 50 group homes and field locations, got a call from someone in the finance department. The employee’s machine was slow and refused to load certain applications.
When Compton went to check out the computer, he said the first thing he noticed was that “the antivirus was disabled. Then I realized I couldn’t boot the computer into safe mode. That’s when I knew we had a problem.”
At an RSA Conference 2011 session entitled, “Aspire to a Network Free of Malicious Programs,” Compton explained that was the start of an episode during which he and his crew of “two and a half” security pros were “running around, cleaning up machines” for the next 110 hours. In the end, Compton had to “rebuild five servers, and about 50 workstations” to get rid of what turned out to be the nefarious Sality virus.
Nine months later, a rogue antivirus outbreak hit the organization, affecting more workstations, not only at the main location where the malware was believed to have penetrated the network first, but also at many of the various field offices and group homes as well. To top it off, the antivirus Aspire was using at the time wasn’t picking up the infections. Compton would “scan a machine that I knew was infected, and [the antivirus] would say, ‘Nope, it’s clean.'”
One of the most difficult aspects of the malware recovery process lied in the clientele Aspire serves. According to Compton, it was hard to explain security principles to a variety of computer users at 44 group homes who, in many cases, were just learning what computers were and how to use them, making the organization particularly susceptible to recurring infections.
What Compton thought was a problem specific to his organization, however, he later learned was systemic. He related that, over the course of the clean-up process, he discovered that many other computers for non-profit organizations were experiencing similar rates of infection, due, at least in part, to the overall strain on resources that the non-profits faced.
We were “using freeware to protect against malware,” he said.
Largely as a result of the turmoil, however, Compton was able to convince Aspire managers that investing in a commercial-grade endpoint security product was essential. After the infections, Compton said, everyone at the company was “very unsatisfied with the current endpoint security” posture.