• Bert Glanstron (unregistered)

    Dear Mike,

    In case you can’t tell, this is a grown-up place. The fact that you insist on using VMS clearly shows that you’re too young and too stupid to be in charge of computers.

    Go away and grow up.

    Sincerely, Bert Glanstron

  • Sir Leonard Leopold Von Virrus, Esq. (unregistered)

    Im in yr v4ck$, viRRuss1ng yr l0ginz!!!1!!

  • Matt Westwood (unregistered)

    Maybe if Remy spent less time drinking and more time taking English classes, we wouldn't have to read this garbage.

  • frits (unregistered) in reply to Matt Westwood
    Matt Westwood:
    Maybe if Remy spent less time drinking and more time taking English classes getting laid, we wouldn't have to read this garbage.
    FTFY
  • Sir Robin-The-Not-So-Brave (unregistered)

    Perhaps the message said "Virrus attaching to system"?

    If this happened somewhere where they speak Frenglish, Chinglish, Dunglish, Spanglish,... then I can imagine some confusion.

  • (cs) in reply to frits
    frits:
    Matt Westwood:
    Maybe if Remy spent less time drinking and more time taking English classes getting laid, we wouldn't have to read this garbage.
    FTFY

    I couldn't have said it better myself.

  • J (unregistered)

    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"

    I worked for them once. Unfortunately customers eventually wanted something in return :(.

  • Pytry (unregistered) in reply to J
    J:
    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"

    It's called religion.

    captcha: plaga - a combination of necromancy and biological warfare which causes young nerds to spend their entire lives staring at computer screens in a zombie like trance while paying $15.00 a month for the privelage of losing their lives.

  • (cs) in reply to JH

    I don't understand why nobody first stopped to figure out why "Virrus" was misspelled.

  • wtf (unregistered) in reply to dkf
    dkf:
    Matt Westwood:
    ... and for the other 10% we'll have unicorns.
    Sorry, but no unicorns are available today. You'll have to make do with vipers.

    Yep, that's exactly the story that came into my head as well.

    captcha: illum - sort of like Troy... oh, that was a good song... what happened to Sinead O'Connor anyway... oh, reggae? that's depressing... oh, sorry what were we talking about?

  • (cs)

    Gosh, it's just so darn frustrating when things are implausible or possibly incorrect on this site. I mean, why do the even call it "100% True And Accurate Tales From IT (No Humor Intended)" anyway?

  • (cs)

    Sad that these "admins" actually did more damage by staying late than leaving for the weekend. That's the ultimate form of ineptitude. Hopefully Mike and his team were swiftly purged from this company or relegated to the help desk for at least 5 years in order to pay for real training.

    Also, why do people sign their posts on an internet forum that clearly displays their name?

  • wtf (unregistered) in reply to Coyote
    Coyote:
    Andy P:
    Why would anyone panic about their anti-virus complaining about a virus attack if they didn't have a virus installed?

    a) Do you usually have a virus installed on your computer?

    On my work machine? Yes, it's called Windows....

  • Koz (unregistered)

    I'm calling shenanigans

  • Anon (unregistered) in reply to tehR
    tehR:
    I don't understand why nobody first stopped to figure out why "Virrus" was misspelled.

    Virus writers aren't well known for their command of the English language, nor, as this site will attest, any programmers or IT-type folks.

    I wouldn't bat an eyelid at a misspelling in a message that came from a virus.

  • Jerry (unregistered)

    OK, so the story's a bit incredible (aren't they all lately) but whether true or not there's still a WTF behavior illustrated here: panic and shut down.

    Why?

    If it really is a virus, it already thoroughly pwned your system approximately a billion nanoseconds ago. So you're not going to stop it from doing harm.

    It's a VAX, not a server on a network of servers, so it isn't likely to go brute forcing its neighbors either. Or sending SPAM.

    I mean, really, if the right decision is to shut it off, then what? After scratching your balls for a few (minutes, hours, days) you're going to have to turn it back on, right? And then you'll be right back where you are now. Minus some number of (minutes, hours, days).

    You may have to respond to the damage the alleged virus did -- if indeed it did any -- but putting a message on the console does not count as damage. So look for actual damage and deal with that. Protip: easier to do while the system is on.

    So is there any scenario where killing the corporate mainframe is the right decision? Aside from shaking loose some funding for a VAX anti-virus scanner, I mean?

  • Shenanigans (unregistered) in reply to Koz
    Koz:
    I'm calling shenanigans

    Can I help you?

  • jfb (unregistered) in reply to Pytry
    Pytry:
    J:
    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"

    It's called religion.

    I thought it was called boo.com.

  • (cs) in reply to sadwings
    sadwings:
    After this close-call, did they at least purchase the anti-virus software for the VAX.
    Sure sounds like how management works. A username that looks like "Virus" at a glance is a close-call, at least as far as management is concerned (or can understand).

    In a previous job, a third-party vendor that we had previously used (involving employee records of some kind) had a laptop stolen. So they sent a letter to all of our employees telling them that their SSNs were compromised. Everyone was pissed at us for giving them our employees' SSNs in the first place, but in reality we never sent them SSNs; we used employee IDs.

    Somehow management considered this a "close-call". We did things right and nothing we did could prevent a third-party vendor's laptop from being stolen. But that didn't stop some big changes as far as how sensitive information was handled.

  • Fred (unregistered)

    My employer landed a large contract with a government agency. Contract specified that we must have a virus scanner.

    No amount of explaining that Solaris headless servers don't get viruses (because there is no luser to click allow on whatever pops up, and even if they did, they don't have permissions to install or modify software) would suffice. Contract says virus scanner, install a virus scanner. Period.

    So...

    grep -i virus /var/log/messages

    Done.

  • Krishna (unregistered) in reply to Pytry
    Pytry:
    J:
    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"
    It's called religion.
    Well, to be fair, they do (promise to) deliver something of great value. The only problem is, you can't test the product until after you're dead. And then, if you still have any complaints, they hand off responsibility to the Flying Spaghetti Monster or some other mythical creature. Just like any sales job. Let someone else support it; I just want the cash.

    So, you think your job is bad, how about the guys who have to take customer complaint calls from an actual burning lake of fire? Now that's a helldesk...

  • (cs) in reply to Dazed
    Dazed:
    It's a long, long time since I did anything on the VAX, but I think there was a setting for warning of an attempted attack if anyone entered an incorrect password more than N times, where N defaulted to something like 10. So one would see it very rarely.

    That sounds like what happened here. (But user name "Virrus" - really? That sounds just a little too good to be true. Still, stranger things have happened.)

    The actual message under VMS indicates that intruder evasion is in effect when the maximum number of invalid logons from that terminal is exceeded (default is 5). The word "attacker" never appears, so I'm guessing this story is indicative of flawed memory from a long-ago incident.

  • (cs) in reply to Anon
    Anon:
    tehR:
    I don't understand why nobody first stopped to figure out why "Virrus" was misspelled.

    Virus writers aren't well known for their command of the English language, nor, as this site will attest, any programmers or IT-type folks.

    I wouldn't bat an eyelid at a misspelling in a message that came from a virus.

    And I wouldn't bat an eyelid at a misspelling in a TDWTF article :-).
  • Larry (unregistered)

    TRWTF is VB.

  • Matt Westwood Is Gay (unregistered) in reply to Matt Westwood
    Matt Westwood:
    dkf:
    Matt Westwood:
    ... and for the other 10% we'll have unicorns.
    Sorry, but no unicorns are available today. You'll have to make do with vipers.
    Right, because if anything says "I'm a homosexual" better than unicorns, it's snakes.

    Coming from the resident expert on all things gay?

  • Anon (unregistered) in reply to Krishna
    Krishna:
    they hand off responsibility to the Flying Spaghetti Monster or some other mythical creature.

    I take great offense at your implication that FSM is a mythical creature. You will feel the wraith of his noodly appendages.

  • Samuel L. Jackson (unregistered) in reply to attack!
    attack!:
    Matt Westwood:
    dkf:
    Matt Westwood:
    ... and for the other 10% we'll have unicorns.
    Sorry, but no unicorns are available today. You'll have to make do with vipers.
    Right, because if anything says "I'm a homosexual" better than unicorns, it's snakes.

    on a plane

    I've had it with these monkey-fighting unicorns on this Monday-to-Friday website!

  • (cs) in reply to Coyote
    Coyote:
    Andy P:
    Why would anyone panic about their anti-virus complaining about a virus attack if they didn't have a virus installed?
    Do you normally have a virus installed?
    A lot of people run Windows, yeah.
  • (cs) in reply to dpm
    dpm:
    I can easily see why Digital was confused when they were "roped in": no decent %SYSTEM-E-WHATEVER message, the system is down, no other clues . . . and most of all, THERE ARE NO VIRUSES FOR VMS. I highly doubt they thought it could be "a new virus in the wild" because THERE WERE NO VIRUSES FOR VMS.

    But that doesn't mean there couldn't possibly ever be a virus for VMS. There certainly were viruses for other systems. And that first one for VMS would have been "a new virus in the wild." It said they were mainly just confused about it; I could see not wanting to rule out the possibility, even if unlikely.

  • (cs) in reply to DrJDX
    DrJDX:
    Gosh, it's just so darn frustrating when things are implausible or possibly incorrect on this site. I mean, why do the even call it "100% True And Accurate Tales From IT (No Humor Intended)" anyway?
    Is it too much to expect that everything that gets posted on the internet be 100% true and accurate? What about the users who are paying good money to read these articles?
  • wanka (unregistered) in reply to Valdis
    Valdis:
    Obviously you guys are all noobs and don't remember the WANK worm
    Funny, that's the name of my....
    http://en.wikipedia.org/wiki/WANK_%28computer_worm%29
    ...oh
  • BentFranklin (unregistered) in reply to Jerry
    Jerry:
    OK, there's still a WTF behavior illustrated here: panic and shut down.

    Agree. Plus, when you reboot you get to run whatever the virus stuck into the boot sector, or whatever they call it on a VAX.

  • Obvious (unregistered)

    This article is so bad that it gave me AIDS.

  • Sunnyboy (unregistered)

    Bullshit. The story is completely impossible.

  • Englebart (unregistered)

    My favorite VMS story from college:

    A member of the super-secret-society SpamForum found a few vertical feet of VMS system log printed on fanfold paper. It was sitting next to a dumpster or a recycle bin.

    He took it home and found every failed login attempt printed in clear text. This was fine when the log was in a secure server room with 3 layers of access, but not sitting on the curbside!

    Unlike the forum software that prints asterisks everytime you type your ********, this print out showed the failed account AND password.

    Most of the failures were simple typos on the username or password, so needless to say: "all of your accounts are belong to me"

  • Meta4 (unregistered)

    This story was dumb.

  • (cs) in reply to operagost
    operagost:
    The actual message under VMS indicates that intruder evasion is in effect when the maximum number of invalid logons from that terminal is exceeded (default is 5). The word "attacker" never appears, so I'm guessing this story is indicative of flawed memory from a long-ago incident.
    But if that's true, then there was no reason for an incident to escalate in the first place.
  • (cs) in reply to shadowman
    shadowman:
    dpm:
    I can easily see why Digital was confused when they were "roped in": no decent %SYSTEM-E-WHATEVER message, the system is down, no other clues . . . and most of all, THERE ARE NO VIRUSES FOR VMS. I highly doubt they thought it could be "a new virus in the wild" because THERE WERE NO VIRUSES FOR VMS.
    But that doesn't mean there couldn't possibly ever be a virus for VMS. There certainly were viruses for other systems. And that first one for VMS would have been "a new virus in the wild." It said they were mainly just confused about it; I could see not wanting to rule out the possibility, even if unlikely.
    True. However, Field Service would have scoffed at a single message like that, and would not have paid them the slightest attention without an actual OPCOM entry or some other actual evidence.
  • Anon (unregistered) in reply to dpm
    dpm:
    operagost:
    The actual message under VMS indicates that intruder evasion is in effect when the maximum number of invalid logons from that terminal is exceeded (default is 5). The word "attacker" never appears, so I'm guessing this story is indicative of flawed memory from a long-ago incident.
    But if that's true, then there was no reason for an incident to escalate in the first place.

    Yeah, because clearly if it has said "Virrus invasion" instead, nobody would have freaked out.

  • Dan (unregistered) in reply to dpm
    dpm:
    boog:
    dpm:
    This is completely absurd. The top of the "alert log" --- I assume he means OPERATOR.LOG --- would look like this:
    Forgive my lack of VMS knowledge, but is it possible to have a custom process that captures such entries and publishes abbreviated messages to admins?
    Of course. I've done something similar myself. However, that is an extremely specialized job which would rarely be considered, let alone actually implemented, for the excellent reason that you almost always *want* that information.

    Any site which had that deep a customization would not forget about it and would certainly not shutdown at the slightest cause for alarm. It's a MAINFRAME, not a desktop, and shutting it down would usually be grounds for dismissal at most companies.

    ok dpm

    Just a possibility here. Maybe they once had an experienced admin who added a log watcher. The PHB then decides they're paying too much money for IT and lets him go, and hires some fresh college grads in his place. Profit!!! Except that the n00bs don't know about the log watcher, and go into panic mode and shut the machine down.

  • (cs) in reply to Jerry
    Jerry:
    It's a VAX, not a server on a network of servers, so it isn't likely to go brute forcing its neighbors either. Or sending SPAM.
    Actually, both of those are technically possible. VAXclusters have been around for a long long time (the neighbors) and of course sending email to everyone listed in SYSUAF.DAT would be a simple task (the spam).
    Jerry:
    I mean, really, if the right decision is to shut it off, then what? After scratching your balls for a few (minutes, hours, days) you're going to have to turn it back on, right? And then you'll be right back where you are now. Minus some number of (minutes, hours, days).
    Exactly. Everyone involved seems to have been quite incompetent.
  • (cs) in reply to Fred
    Fred:
    grep -i virus /var/log/messages
    Applause.
  • PG4 (unregistered) in reply to Englebart
    Englebart:
    My favorite VMS story from college:

    A member of the super-secret-society SpamForum found a few vertical feet of VMS system log printed on fanfold paper. It was sitting next to a dumpster or a recycle bin.

    He took it home and found every failed login attempt printed in clear text. This was fine when the log was in a secure server room with 3 layers of access, but not sitting on the curbside!

    Unlike the forum software that prints asterisks everytime you type your ********, this print out showed the failed account AND password.

    Most of the failures were simple typos on the username or password, so needless to say: "all of your accounts are belong to me"

    BS. I've never seen where VMS would print out the attempted password, ever. Now ACF2 on IBM mainframes, yes.

    BTW the orig. story is complete junk.

  • M (unregistered)

    Now trying to find a way to talk my wife into naming one of our kids Virrus.

  • EvilTeach (unregistered) in reply to dpm

    One could assume that the system was configured so a security alarm was fired after the threshold was passed. That message would go to any terminal where a security operator had been enabled. I can well imagine the confusion that would reign, if a message like that popped up, looking like a virus attack.

    VMS is the greatest OS ever developed. QED

  • EvilTeach (unregistered) in reply to shadowman

    There was an attack on the SYS$OUTPUT bbs back in the 90s. It was a command procedure that did something useful, plus, it constructed a string to delete one of the critical system folders. As I recall, it would delete everything in SYS$SYSTEM.

    There was a discussion about it on the site.

  • (cs)

    The user Virrus has a sister named Chollera.

  • wtf (unregistered) in reply to SteamBoat
    SteamBoat:
    The user Virrus has a sister named Chollera.

    And they love to listen to their great-aunt Urethra sing the gospel music.

  • Paula (unregistered)

    Remy attacking my sensibilities.

  • Darren (unregistered)

    This story is missing content. What's the point reading half a story. I guess it makes sense for DEC users back in the 80's.

Leave a comment on “Virrus Attack!”

Log In or post as a guest

Replying to comment #:

« Return to Article