• sino (unregistered) in reply to Matt Westwood
    Matt Westwood:
    Todd Lewis:
    whiskeyjack:
    I bet the original submission was:

    "This one time, a guy named 'Virrus' created an account on our mainframe, and the IT guy freaked because he thought it said 'Virus'. Haha! It was hilarious!"

    Having once submitted a story only to see it "edited" (i.e. mangled) to the point that it made me look like a bigger idiot than the wtf involved, I have a lot of sympathy for our anonymous submitter. [sigh]

    Mark is great at that, but that's only when he's been bowytzing his creative writing class (which is every morning).
    FTFY.

    Remy, keep on keeping on. I can't believe everyone here STILL doesn't know where to check for the details when you post.

  • KP (unregistered)

    Maybe it's misremembered, it actually said:

    Virrus attaching to system

  • sino (unregistered) in reply to Matt Westwood
    Matt Westwood:
    Maybe if Remy spent less time drinking and more time taking English classes, we wouldn't have to read this garbage.
    Mark, is that you?

    Jealousy becomes thee not...

  • ideo (unregistered) in reply to Larry
    Larry:
    TRWTF is VB.
    Hey Larry, what took you so long? *hugs*
    Obvious:
    This article is so bad that it gave me AIDS.
    Meta4:
    This story was dumb.
    So your plan was to one-up it with your lame ass-comment?
    PG4:
    BTW the orig. story is complete junk.
    Coming from the resident expert on all things.... wait, that one's already been done...
    Sunnyboy:
    Bullshit. The story is completely impossible.
    Joo keep juicing dat werd...
  • Trylks (unregistered) in reply to Andy P

    #329395 Maybe I'm too bold, but I would ask for the remaining 22% of the story. Probably according to Pareto the 80% of the post relevance is in that 20% of the posted story.

  • Jay (unregistered)

    When people on this forum say they think a story is pure fiction, I usually think they are being presumptuous, as it usually amounts to, "Why, if that story was true, that would mean that someone did something stupid, and of course that's impossible."

    But this one ... If it's true, it's leaving out a rather important detail. Namely, does the system really display "$user attacking system" every time a user logs on? That seems a rather unlikely message. Maybe, as someone suggested, it really said "$user attaching to system"? Possible. Still an unlikely message, but I don't claim to know VAX. What was the actual message displayed and what did it mean?

    As written, the story presents a mystery, explains a small fraction of it, and then ends abruptly. "Mr Jones claimed that aliens landed their flying saucer on his front lawn and kidnapped his wife. THe story sounds incredible, but it turns out that there is a completely ratoinal explanation. It wasn't his wife, but his sister."

  • Nome de Plume (unregistered) in reply to Hasteur
    Hasteur:
    PHB Crits the system for over 9000! System is dead!

    ISO 9000

  • Herby (unregistered) in reply to J
    J:
    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"

    I worked for them once. Unfortunately customers eventually wanted something in return :(.

    You worked for Microsoft? Did they treat you well? Did you produce anything?

  • Buzz Killington (unregistered)

    Shenanigans. Even if someone typed their password incorrectly x times and it did log a message and send it to the sys admins, you can't get me to believe no one had ever seen that message before. I lock myself out of some system on a regular basis, so extrapolating that to the 5,000 or so employees we have, it's too hard to believe no one was familiar with it.

    Secondly this sentence:

    "I understand," the helldesk imp said, "but according to the user, this started before that. He's a new account, and he was told that his account should be available this afternoon. He said he's been trying to log in for the past few hours, and hasn't been able to."

    helldesk imp? Seriously? WTF Indeed!

  • AMusingFool (unregistered)

    So, they wrote a log message that someone attempting to log in was 'attacking' the system!?!

  • neminem (unregistered)
    Todd Lewis:
    Having once submitted a story only to see it "edited" (i.e. mangled) to the point that it made me look like a bigger idiot than the wtf involved, I have a lot of sympathy for our anonymous submitter. [sigh]
    Yep. I once asked Strongbad a question, and he changed it around completely and added a bunch of typos. For the record: while I did, in fact, request that he write my essay for me, I didn't mispell "English", nor did I state that I didn't care whether it was good or not. So, I feel for this submitter, too.

    This was definitely the lamest feature article I've read here. (I've seen a lot of comments in older articles saying "worst article evar", "totally faked", etc. Usually I don't agree. This time, I would have to agree.)

  • whiskeyjack (unregistered)

    Haha, Strongbad emails, I loved those.

  • (cs)

    No, no unicorns. But here is the lighlty edited original submission:

    <!-- For the dense, the message came from their IDS after multiple logins from an invalid account. Apparently, some people need the joke explained. --> <!-- Not possible? Take it up with Mike: in the late '90ies, when we still had our main CRM system running on Digital's VMS, our new colleague Mr. Virrus(*) requested access to our CRM system. A few days later they told him that his account should be accessible "somewhat throughout the day". So, naturally, he would try to log in every now and then throughout the day. Not long after, the VMS machine would generate alerts of the form "Virrus is attacking system", causing instant panic amongst the system administrators. I mean, who would ever have heard of a virus attacking a VMS system? So, of course, nobody knew what to do. Having someone from management asking how it could be that a production machine wasn't equipped with anti-virus software wasn't really helping. In their helplessness, they immediately shut-down the production system and contacted Digital's VMS support. Needless to say, they were as stupefied as everyone else, and with the machine being shut-down, analysis of the situation was not exactly an easy task. It was pure coincidence that Mr. Virrus's call to the Service Desk as to why he could no longer reach the machine reached the right person who reached the right conclusion about what had happened, and after a big laugh and half a day of production outage, they started bringing the system back online. (*) Changed for anonymity, but his real name also sounds like "Virus" -->

    So, most details correct, a bit of creative writing for entertainment purposes.

  • Joey Jo Jo Junior Shabadoo (unregistered)

    This story reminded me of the kind of stuff you'd hear from 'that one guy in 6th grade'.

    You know the one, he had a copy of Leisure Suit Larry 4 with the FMV intro and wrote his own viruses which usually featured full speech and digitized faces.

  • Kef Schecter (unregistered) in reply to dpm
    dpm:
    Kef Schecter:
    Who says a human can't type and dispatch an alert so that others can read it?
    Because VMS doesn't work that way, as any system manager would know.
    Who says that the "alert log" in question was built into VMS? Sometimes people write things called "software" that extend the functionality of the operating system.

    Or was VMS so weak that it couldn't run such a thing?

  • Gaspar (unregistered) in reply to JH

    That is the VMS error message (or close to it, the article author paraphrased) for a repeated failed login attempt. After X number of entries the system may notify a list of users to such an attempt.

    The real WTF is that this companies administrators did not immediately realize this as it would have a system message pre-fix something like:

    %UAF-W-

    Informing the administrators what subsystem is issuing the warning.

  • Gaspar (unregistered) in reply to Kef Schecter

    @Kef Schecter

    Why would you re-write a tool that already exists without adding functionality?

    (Posted from a machine running OpenVMS 7.2 by the way.)

  • (cs) in reply to Gaspar
    Gaspar:
    The real WTF is that this companies administrators did not immediately realize this as it would have a system message pre-fix something like:

    %UAF-W-

    Actually the message would be

    %LOGIN-F-NOSUCHUSER, no such user

  • (cs) in reply to Kef Schecter
    Kef Schecter:
    dpm:
    Kef Schecter:
    Who says a human can't type and dispatch an alert so that others can read it?
    Because VMS doesn't work that way, as any system manager would know.
    Who says that the "alert log" in question was built into VMS? Sometimes people write things called "software" that extend the functionality of the operating system.
    Your weakly sarcastic and feeble attempt at righteous indignation is misplaced, as I already addressed this possibility. Please read the comments before posting.
  • doonyd (unregistered)

    I call BS

  • Edward Royce (unregistered) in reply to dpm
    dpm:
    ... Why does no one recognize the recently created username? ...

    They didn't recognize it because the "Virrus" account hadn't been properly created.

  • Kef Schecter (unregistered) in reply to dpm
    dpm:
    Your weakly sarcastic and feeble attempt at righteous indignation is misplaced
    Righteous indignation? I was just being silly. Please remember that you can't hear somebody's tone of voice on the internet and you should give them the benefit of the doubt.
    dpm:
    as I already addressed this possibility. Please read the comments before posting.
    I have searched all your comments in this thread and do not see where you have addressed it. The closest I found was your response to this:
    boog:
    Forgive my lack of VMS knowledge, but is it possible to have a custom process that captures such entries and publishes abbreviated messages to admins?

    ...However, that post wasn't necessarily talking about the same thing. I'm talking about something more like an e-mail, a support ticket, that kind of thing. Something a human wrote, not an automatic process that watches for writes to OPERATOR.LOG and dispatches summaries. "Alert log" can mean virtually anything.

  • tradie (unregistered) in reply to Todd Lewis
    Todd Lewis:
    Having once submitted a story only to see it "edited" (i.e. mangled) to the point that it made me look like a bigger idiot than the wtf involved, I have a lot of sympathy for our anonymous submitter. [sigh]

    Still whining about that? The ONLY thing that made you look like an idiot was your complaint about the harmless and flattering rewrite of your text.

    Apparently the only thing which would have satisfied you would have been a panegyric both boring and comprehensive:

    "Tod Lewis consulted with his smart, diligent co-workers, Bruce, David, John, William, Jacob, Ethan, Michael and Joshua and, following all relevent procedures, and according to best industry practice, Bruce, David, John, William, Jacob, Ethan, Michael, Joshua and Tod eventually identified a subtle feature, which they were able to work around after carefully testing, making backups, and testing the backups.

    Fortunately it had not been a critical incident, but if it had been, the flawless teamwork of that top-calibre group of employees would have been just as important as it was in this carefully and accurately documented little anecdote"

  • NameNotFoundException (unregistered) in reply to Fred
    Fred:
    My employer landed a large contract with a government agency. Contract specified that we must have a virus scanner.

    No amount of explaining that Solaris headless servers don't get viruses (because there is no luser to click allow on whatever pops up, and even if they did, they don't have permissions to install or modify software) would suffice. Contract says virus scanner, install a virus scanner. Period.

    So...

    grep -i virus /var/log/messages

    Done.

    Now this is a WTF worthy of the front page.

  • Sascha Leib (unregistered)

    The RWFT™ is of course the bad habit of truncating, or otherwise mangling, real people's real names to come up with some more or less useful system usernames. I have seen many instances where this has caused trouble because the new word spelled something derogatory or insulting.

    For my own name, the worst so far was "sale" (go figure), which leads to the rather misguiding email address in the style of "[email protected]" - Well, I made a lot of new friends who all wanted to tell me about their products... unfortunately, none of the women who wrote in wanted to date me. Duh!

    However, there are people out there that have even less luck with their companies' account name policy... Anybody knows a good (real!) one?

    /sascha

  • non-english speaker (unregistered)

    WTF here is mixing some data with the message text. How the person that reads the log is supposed to tell user id from the message? Usually, while creating any log or error messages, I try to enclose everything data-related with single quotes (i.e. "'Virrus' is attacking the system"). This rule allows to see if empty string got into the logs too. Sorry for my english :) TODO: read other comments

  • FailureWT (unregistered) in reply to Sascha Leib
    Sascha Leib:
    <snip>

    However, there are people out there that have even less luck with their companies' account name policy... Anybody knows a good (real!) one?

    /sascha

    Yep, Dave Stone at a place I worked in the late nineties. Email address was [email protected]

    Dave, man, pass me the doob...

  • (cs) in reply to robbak

    I did view the source, but the "explanation" was not there when I did.

    For the dense, the message came from their IDS after multiple logins from an invalid account. Apparently, some people need the joke explained.
    Apparently, there is no difference between telling a joke and hacking it into little pieces, showing only a few of them to people, and then expecting them to "get it".
    "So, of course, nobody knew what to do."
    And, of course, it makes a much better joke to leave the implication that it was the operating system's message instead of admitting that it was a layered product (either homegrown or from some other vendor, certainly not Digital software) issuing the alert --- which no one recognized.
    So, most details correct, a bit of creative writing for entertainment purposes.
    "A bit"? Bullshit. Creative is something like "cloak of shadows", which is fine; this was deliberate omission of critical information (the CRM) which made it look like something completely impossible.

    Entertaining? I suppose. But to anyone with a modicum of knowledge in the appropriate area, it's quite irritiating . . . like the end of WarGames, where a computer explodes just because a simulation is run. And the worst of it is that there was no reason to ruin what was a decent WTF (the entire staff is so incompetent that they shutdown a mainframe just because they forgot about their own IDS).

  • Vollhorst (unregistered)

    Create account Please enter your desired username Virrus Error. Username does not fit the paranoia regulations. Desease Error. Mike doesn't like that one. Fuck You Error. Name already taken. Damnit Error. File not found.

  • Al (unregistered) in reply to Anon
    Anon:
    You will feel the wraith of his noodly appendages.

    Because FSM's a ghost?

  • godisnowhere (unregistered)

    I call BS on this entry.

  • yet another Steve (unregistered)

    I'm not buying it... Who ever heard of the Sales guys being there after the IT guys on a Friday afternoon?

  • PG4 (unregistered)

    So now we are told this came from some IDS. I'd ask why the hell would you add an IDS to a VMS system when you already have the Intrusion Detection Facility out of the box. If it was a NIDS system rather than a HIDS, then that is really sucky software to put out message that is not very clear. I would expect something like, "Excessive repeated login attempts by user XXXXXX to host YYYYYY", not XXXXX is attacking the system.

    On to virus scanners. We are required to load one on our *NIX based systems. However, it must be an approved by a central security group. To bad the approved virus scanner doesn't have a version for of all of the OS level/processor types we have. We are constantly explaining to the security folks that there is no scanner for X running on a Y hardware. They say that we haven't looked right at the download site. We tell them, OK, you find it then, they never can find it.

    Of course I have to be a smart ass and ask them, "So this scans for Windows viruses on *NIX boxes. It will never run on those machines, so why are you checking?" The answer is that we may be storing a file that is infected. To that I say, "OK, but these systems don't exchanges files with Windows, they are DB servers, or other things. Also, wouldn't yoru anti-virus on the PC block it right away, or don't you trust it?"

    Now I start getting a dirty look, but I continue to push them. "So to make double sure you want the *NIX, VMS, and Mainframes look for PC virus files, does the PC virus checker look for *NIX, VMS and Mainframe based viruses? It seems like that would be the best thing to do from security perspective if I follow your reasoning"

    Now they get mad and walk away muttering something about how I don't understanding security. I bit my tongue and don't tell them that they don't understand basic logic.

  • Anonymous (unregistered) in reply to robbak
    robbak:
    No, no unicorns. But here is the lighlty edited original submission: <!-- For the dense, the message came from their IDS after multiple logins from an invalid account. Apparently, some people need the joke explained. --> <!-- Not possible? Take it up with Mike: in the late '90ies, when we still had our main CRM system running on Digital's VMS, our new colleague Mr. Virrus(*) requested access to our CRM system. A few days later they told him that his account should be accessible "somewhat throughout the day". </div> So, most details correct, a bit of creative writing for entertainment purposes.</div></BLOCKQUOTE> For the dense editor; this suggests that the error message was coming from 'their own home baked CRM system written by some nerd and a bad laugh', intead of the 'VMS Operating System'. Which means that the operators are still dense because they should have recongised that the error was coming from something other than the OS. And the editor ("Remy Porter") is dense for implying in the story that the OS was generating the error. Notice how the stupid editing compeltely throws the story? We're not dense for 'needing the joke explained'. The joke was obivious -- "$PERSON_WITH_NAME_LIKE_VIRUS triggered $SOME_ALERT by $OPERATING_SYSTEM and managment panics" -- but the way the story was written, it was impossible for $SOME_ALERT to happen. It's only when you know $OPERATING_SYSTEM is probably $HOME_BREW_CRM_SYSTEM that it becomes plasuable. Not actually amusing, but plausable. Something doesn't add up, anyway.
  • Mark (unregistered)

    I imagine this company or person named Virrus gets this alot.

  • Worf (unregistered) in reply to EvilTeach
    EvilTeach:
    VMS is the greatest OS ever developed. QED

    Yep, that's why a good chunk of people use one of its (spiritual) successors today - Windows! (Technically, Windows NT descendants - NT, 2000, XP, Vista, 7).

  • genitus (unregistered) in reply to dpm
    dpm:
    I _did_ view the source, but the "explanation" was not there when I did.
    For the dense, the message came from their IDS after multiple logins from an invalid account. Apparently, some people need the joke explained.
    Apparently, there is no difference between telling a joke and hacking it into little pieces, showing only a few of them to people, and then expecting them to "get it".
    "So, of course, nobody knew what to do."
    And, of course, it makes a much better joke to leave the implication that it was the operating system's message instead of admitting that it was a layered product (either homegrown or from some other vendor, certainly not Digital software) issuing the alert --- which no one recognized.
    So, most details correct, a bit of creative writing for entertainment purposes.
    "A bit"? Bullshit. Creative is something like "cloak of shadows", which is fine; this was deliberate omission of critical information (the CRM) which made it look like something completely impossible.

    Entertaining? I suppose. But to anyone with a modicum of knowledge in the appropriate area, it's quite irritiating . . . like the end of WarGames, where a computer explodes just because a simulation is run. And the worst of it is that there was no reason to ruin what was a decent WTF (the entire staff is so incompetent that they shutdown a mainframe just because they forgot about their own IDS).

    My, aren't you just a whiny little bag-o-bitch today, dpm. Take a breather, calm down, and try to be a little more fun at the party, hey?

  • drusi (unregistered) in reply to dpm
    Pytry:
    J:
    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"

    It's called religion.

    No, religion produces books. It's called theater.

    dpm:
    But to anyone with a modicum of knowledge in the appropriate area, it's quite irritiating . . . like the end of _WarGames_, where a computer *explodes* just because a simulation is run.
    I don't remember that scene...
  • khane (unregistered) in reply to J
    "The best company on Earth would be the one that sells without ever producing anything- pure profit!"
    I worked for them once. Unfortunately customers eventually wanted something in return :(.

    Just curious, Republicans or Democrats ?

  • (cs) in reply to FailureWT
    FailureWT:
    Sascha Leib:
    <snip>

    However, there are people out there that have even less luck with their companies' account name policy... Anybody knows a good (real!) one?

    /sascha

    Yep, Dave Stone at a place I worked in the late nineties. Email address was [email protected]

    Dave, man, pass me the doob...

    A friend of mine once told me about a guy he knew named Takeshi. I don't remember his last name, but it started with a T. So his email address was [email protected]

  • Gerb (unregistered)

    Gerb posting comment!

  • khane (unregistered) in reply to Jerry
    So is there any scenario where killing the corporate mainframe is the right decision?

    I saw it three time. The first time was after a mild flood, the AS 400 was in 30cm of water or so. It was working fine as if nothing was wrong. We shut it down none the less.

    The second time was on a VMS with a defective drive/disk card/memory/ I\O or whatever. Result was : the drive was spurting errors by the dozen but users only saw that one of the application was missing data. What happened next is that since the veteran VMS admin was not available, the not so veteran VMS admin decided to restore a backup. Long story short : application was unavailable, and the backup tape was stucked dead int the tape drive. Forced shutdown was initiated and Compaq (yes good days were already over) was called. We had to open the tape drive to get the tape back and restore on another system. The deffective system went to Compaq never to be seen again, I still do not know what happened exactly.

    The third time was on an AS400 again. It was a very simple thing to do : consolidate a library, back it up and update it. Except for some reason it somehow transformed into backup library then consolidate it then do a full system upgrade.... Had any of us been a master in AS/400 we probably would have had a solution ready, but we did not, this was a "small" car retailer and pretty much everything was handled by consultant. The consultant that was here for help and who detected the problem (and might have started it in fact) was literraly tetanized, the only thing we could get from him was that if the system upgrade started it could take days to complete. We were afraid to abort the active work for fear that the upgrade would start up immediatly after. We were afraid to swtich work, we were afraid to kill the update as soon as it started for fear that we might actually break something. As consolidation was nearing end (we are talking in terms of minutes here, at best) it suddenly became very sensible to simply pull out the power plug.

    We did.

    Two hours later the system was up and running thanks to the help of two IBM consultants. Although they remained very polite they made it quite clear about what they thought of our way to "administer" an AS/400. The good point though is that it convinced management about the necessity of an in house expert, no matter how expensive they were. The bad point is that I do not know what I would do if I was in a similar situation today.

  • chkarrer@aman'thuul (unregistered) in reply to dpm

    Good thing it wasn't OpenVMS - it has some TRULY scary sounding error messages. Found this one while doing some casual googling to see how configurable login error messages in VMS are:

    ACTERR, error activating ICBM 
    

    Facility: IOGEN Explanation: OpenVMS was unable to activate the proper IOGEN Configuration Building Module during device autoconfiguration. Most likely, the image SYS$SHARE:SYS$ICBM.EXE is not present on your system disk or is not installed. User Action: Check to see whether the image file exists and verify that it is installed as a known image...

  • Anonymous (unregistered)

    I liked this WTF. I pretty much figured out what happened from the main text - intrusion detection starts throwing warnings about a given user "attacking" the system because he tried logging in too many times with an invalid password (since the account had not been set up yet and the password did not exist). The HTML comments verified this completely but it wasn't really necessary and kind of gave away the joke. Not sure why so many people thought this was unlikely or untrue, but then I've never really got my hands dirty with a VAX mainframe so maybe you guys are better placed to decide than I am.

  • Jernau (unregistered) in reply to Migala

    Hey, buddy.

    Fuck you.

    Signed -

    Helpdesk operator working to finish his masters in CS who tries to solve as many problems as possible on a daily basis.

  • dp (unregistered)

    Agree with other people that this one is not as good eh? How come it's "attacking" and why admins received emails? ... not making sense ...

  • The 2-Belo (unregistered)

    Maybe it was the "Now Playing" information on the user's PC. Some crappy metal band.

    Virrus -- "Attacking System"

  • Jay (unregistered) in reply to Jernau
    Jernau:
    Hey, buddy.

    Fuck you.

    Signed -

    Helpdesk operator working to finish his masters in CS who tries to solve as many problems as possible on a daily basis.

    Holy shit, a helpdesk drone managed to write 4 lines without having to read them off a script. I don't think I've ever seen that level of intelligence from your kind before. Maybe one day you'll be promoted to testing, huh?

  • (cs)
  • (cs) in reply to Matt Westwood
    Matt Westwood:
    Maybe if Remy spent less time drinking and more time taking English classes, we wouldn't have to read this garbage.

    'scuse me? "have to" ???

    So, like, what? There's nothing else on the internet to read? For that matter, there's nothing else on OR OFF the internet to read?

    Oh, I know: You're taking a "Web" class on the local community college and TDWTF has been assigned as a research project. No? Then I'm stumped as to why you HAVE TO read this garbage.

Leave a comment on “Virrus Attack!”

Log In or post as a guest

Replying to comment #:

« Return to Article