This is not your typical article on spyware. Instead, it's a modern-day parable of my own recent experience with a crippling spyware infestation, with some important lessons for sysadmins of all types to learn as a result of my somewhat embarrassing mistakes.
How it happened
First of all, let me provide a little bit of background information. I have been a network administrator and IT consultant for several years, and I have experience in a variety of areas, from helpdesk to server administration to security. As I'm sure is the case for many of you, I am the guy that my family, friends and neighbours call when something goes wrong with their computers. As such, I am no stranger to systems that have been infected with viruses, spyware, and the like.
In my spare time, in addition to more 'socially acceptable' hobbies such as reading and hiking, I am a pretty avid computer gamer. I have been playing computer games in one form or another since the early days of my childhood, and I guess I just never grew out of it.
As I am on the road a fair bit for my consulting practice, I like to play an occasional game on my laptop, whether on a plane or in a hotel room. As many of you are no doubt aware, most modern games require the game disc to be in the drive in order to play the game. Often, the game doesn't require access to any resources on the disc; this is simply implemented as a copy protection measure.
Because of the battery drain caused by spinning the CD/DVD drive, and also because lugging around a stack of game discs in my briefcase is not very appealing for several reasons, I often go out on the web and download 'cracks' for my games to bypass the CD checks. I should say now that every game I play is legally purchased and owned by me, and is installed only on my computer. I only bypass the CD to save battery life and to avoid having to take my discs everywhere.
So I had just installed a new game on my laptop, and I went out on the internet to find a no-CD patch for the game. Unfortunately, this proved more difficult than normal, as the game had just recently been released, and a no-CD file wasn't widely available. The only place I could find it was on some of the seedier websites, frequented by software pirates.
Ordinarily, I would have skipped the files from these sites, and waited until some more trusted websites had the file, but I was scheduled to leave on a business trip the next day, and I really wanted to get this game up and running without the disc.
Against my better judgment, I downloaded the file to my local machine and ran the patch. Unfortunately, the patch was actually a Trojan, and it proceeded to download a load of particularly nasty spyware onto my machine without my knowledge. As soon as I realised what was happening I powered down the machine (literally pulling the plug), but it was too late. The infection had already spread into core components of the operating system.
I spent the next two days trying my best to get all the spyware gunk cleaned out of my machine. Even when it seemed that the infection was gone, I was still plagued by system instability, and for some reason, my blue screen of death was actually green.
Finally, I gave up in frustration and resigned myself to a complete reinstall of Windows. I booted my machine into Safe Mode, copied my important data off to a spare hard drive, formatted my C drive, and ran Windows Setup.
The upside of all this is that at the end of the process, my machine is faster and more stable, free of all the clutter that Windows had collected over the couple of years since my last reinstall. The massive downside is that I spent two full working days trying to clean off the spyware, plus another day and a half getting all my software reinstalled and my backup data migrated over.
But through all of this, I was reminded of several basic, but important, lessons, which I think we should all keep in mind, no matter how experienced and/or knowledgeable we think we are.
Nobody is immune
I think deep down we all know this one, but the more experienced we get in this field, the more we think that spyware infections only happen to other, less knowledgeable people. The reality is that if we are not careful, if we get lulled into letting our guard down by overconfidence, our machines can be compromised just as easily as anybody else's.
Only download from trusted sources
This one is every bit as obvious as the last one, and has been drilled into us to the point that it should be impossible to forget. However, many times we are in a hurry, or our minds are on other things, and we don't stop to consider the ramifications of running untrusted software. In my case, despite giving this same advice to countless friends, family members and colleagues, I was in a hurry and foolishly failed to heed my own advice, with rather embarrassing results.
Back up your system regularly
Do yourself a favour. Go out and buy yourself an external hard drive from someone like Maxtor or Western Digital, and dedicate it exclusively as a backup device. Then set up a backup application such as Windows' Backup Utility or the software included with these drives, and configure your system for regular backups. Or you could plump for an all-in-one solution - CMS Products sells a range of devices for laptops or desktop PCs.
For home computers, I would recommend a scheme such as a full backup once a week, with nightly differential backups in between. A differential backup holds everything that has changed since the last full backup (not since the previous night), so a worst-case restore needs only two pieces: the last full backup plus the most recent differential. That way you never lose more than one day of work. And put a reminder on your to-do list to check on your backup regularly, ideally by verifying the copied files and doing a trial restore of a few of them, to make sure that everything is in working order. After all, the worst time to find out your backup hasn't been working for the last month and a half is when you need to restore last night's data.
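To make the weekly-full / nightly-differential scheme concrete, here is an added example (not code from the original article, and not any vendor's backup utility) that implements the rotation, a verification pass that re-hashes every copied file against its manifest, and a restore that applies the newest full backup plus the newest differential. The source and destination directories, the Sunday-is-full-day rule and the sample files in `demo()` are all assumptions made for illustration.

```python
"""Weekly full / nightly differential backup with manifest verification.

Added example, not the article's own code. Assumes the data to protect is a
plain directory tree and the external drive is mounted as a directory.
"""
import datetime
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

FULL_DAY = 6  # Path.weekday(): Monday=0 .. Sunday=6; full backup on Sunday (assumed policy)


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path) -> dict:
    """Relative path -> SHA-256 for every file under source."""
    return {str(p.relative_to(source)): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def latest(dest_root: Path, prefix: str):
    """Newest backup directory named <prefix>-YYYY-MM-DD, or None."""
    dirs = sorted(d for d in dest_root.glob(f"{prefix}-*") if d.is_dir())
    return dirs[-1] if dirs else None


def load_manifest(backup_dir: Path) -> dict:
    return json.loads((backup_dir / "manifest.json").read_text())


def run_backup(source: Path, dest_root: Path, today: datetime.date) -> Path:
    """Full backup on FULL_DAY (or when no full exists yet); otherwise a
    differential containing every file changed or added since the last FULL,
    not the last differential, so a restore only ever needs full + newest diff."""
    current = snapshot(source)
    last_full = latest(dest_root, "full")
    if today.weekday() == FULL_DAY or last_full is None:
        kind, base = "full", {}
    else:
        kind, base = "diff", load_manifest(last_full)
    to_copy = {rel: h for rel, h in current.items() if base.get(rel) != h}
    backup_dir = dest_root / f"{kind}-{today.isoformat()}"
    backup_dir.mkdir(parents=True)
    for rel in to_copy:
        target = backup_dir / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    (backup_dir / "manifest.json").write_text(json.dumps(to_copy, indent=1))
    return backup_dir


def verify_backup(backup_dir: Path) -> list:
    """Re-hash every copied file against the manifest; returns the relative
    paths that are missing or corrupt (empty list means the backup is good)."""
    return [rel for rel, expected in load_manifest(backup_dir).items()
            if not (backup_dir / "data" / rel).is_file()
            or sha256_file(backup_dir / "data" / rel) != expected]


def restore(dest_root: Path, target: Path) -> dict:
    """Rebuild target from the newest full plus the newest differential that
    postdates it. Files deleted from the source since the full are not removed."""
    full = latest(dest_root, "full")
    if full is None:
        raise FileNotFoundError("no full backup to restore from")
    layers = [full]
    diff = latest(dest_root, "diff")
    if diff is not None and diff.name[5:] > full.name[5:]:  # compare the date suffix
        layers.append(diff)
    restored = {}
    for layer in layers:  # the diff overwrites files also present in the full
        for rel, digest in load_manifest(layer).items():
            dst = target / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(layer / "data" / rel, dst)
            restored[rel] = digest
    return restored


def demo() -> dict:
    """Constructed sample run: Sunday full, Monday differential, verify, restore."""
    tmp = Path(tempfile.mkdtemp())
    src, dst, out = tmp / "src", tmp / "backups", tmp / "restored"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "notes.txt").write_text("hello")
    (src / "report.txt").write_text("draft")
    full = run_backup(src, dst, datetime.date(2024, 1, 7))  # 2024-01-07 is a Sunday
    (src / "report.txt").write_text("final")                # changed overnight
    (src / "new.txt").write_text("added")                   # new file
    diff = run_backup(src, dst, datetime.date(2024, 1, 8))  # Monday: differential
    (diff / "data" / "new.txt").write_bytes(b"bit rot")     # simulate media corruption
    damaged = verify_backup(diff)
    (diff / "data" / "new.txt").write_text("added")         # repair before restoring
    restore(dst, out)
    return {"full": full.name, "diff": diff.name,
            "diff_files": sorted(load_manifest(diff)), "damaged": damaged,
            "restored": {p.name: p.read_text() for p in sorted(out.rglob("*")) if p.is_file()}}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The differential is computed against the last full backup's manifest rather than against the previous night's, which is what makes the two-piece restore in the text possible; hashing instead of trusting modification times also catches files that were rewritten with their timestamps preserved. Running `verify_backup` on a schedule is the "check on your backup regularly" step: it is the only way to notice that the external drive has started silently corrupting data before you need it.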
Keep your antivirus updated and enabled
This is the one that ultimately would have saved me despite all of my previous foolishness. I did have very capable antivirus software installed with all of the latest definition files.
Unfortunately, I had disabled the active scanning feature to troubleshoot a suspected software conflict a few days earlier, and had forgotten to turn it back on. Thus, aside from scheduled scans, I was running completely unprotected from whatever malware made it on to my system. If only I had remembered to turn the active scanning back on, my AV software would have picked up the Trojan the minute I downloaded it from the internet. The file would have been quarantined, and I would have never been given the chance to infect myself.
There is plenty more you can do to protect yourself from malware, but by taking care of these four things, you will do a great deal to minimise your exposure. However, no matter how much technology you deploy to protect yourself, always remember that it is usually the human element that is responsible for security breaches. Thus, no matter how much experience you have, remember never to let your guard down, lest you end up with a story like mine.