Security failure brings costly clean-up

Australian IT managers were on virus alert last week coping with the aftermath of the ‘IloveYou' bug and its destructive variants.

Qantas, BHP and Coles Myer are just a few of the big name Australian companies sifting through the wreckage created by the virus which research firm Computer Economics estimates has spread to more than 45 million e-mail users worldwide.

As a result of the havoc the virus created, Computer Economics said the damages bill has already reached $10 billion.

BHP Australia was forced to close down its Internet gateway for a day as more than 20,000 users worldwide were infected by the virus.

Despite its comprehensive virus scanning measures, Ian Dart, managing director of BHP, said the entire intranet was infected.

"We are back on track now but the clean- up has been huge," Dart said.

"Fortunately our system of cleansing and backup is good so staff were alerted early.

"However, our whole virus scanning regime just wasn't effective so obviously we need to take another look."

Dart said a quick response by IT support staff ensured the impact on business was minimal but agreed the cost to companies affected by the virus has the potential to run into hundreds of millions of dollars.

BHP spokeswoman Maree Arnason said hundreds of bugs are detected by the organisation's scanning software each week and only a small percentage of those detected are new viruses.

"We have the latest in protection software and consistently detect new viruses which are part and parcel of development," she said.

"We just have to keep updating our virus scans and building our firewalls."

While some organisations have extremely strict e-mail policies for employees, such as the quarantine of messages for up to 24 hours, Arnason said the real-time nature of business did not always allow for such controls.

Rob Foster, IT manager at BHP, said the process of monitoring, clearing and cleansing the network led to a backlog which slowed down the system. He said the secure alert network provided an effective measure of protection during the aftermath.

Assessing the susceptibility of Microsoft under security attack, Foster said Microsoft programs are simply more prevalent with a more adaptable platform.

However, Qantas Airways which uses Lotus Notes still detected evidence of the virus on its network during the initial attack.

Qantas spokeswoman Patricia Maher said the damage was minimal and it did not impact on operations, but it proves Lotus was not immune from the virus.

The destructive bug and its variants not only replicate at incredible speed clogging e-mail servers, the virus also copies itself into JPEG and MP3 files essentially destroying the original file.

Microsoft Outlook user Coles Myer was forced to place a delay on all external e-mail messages during the outbreak of the virus.

"We had an early alert and immediately tied down all communication networks which inevitably slowed down the system and led to some delays," said Lisa Amor, spokeswoman for Coles Myer.

At New Holland Australia the virus was sent to 70 users before the scanner detected the bug.

However, according to Neil Vassord, IT manager at New Holland, the message didn't replicate because there was no Windows Scripting Host.

"Although the virus was sent to our e-mail there was no scripting host for the message to replicate," he said.

"We were satisfied our antivirus software was effective and all messages were scanned and cleared before any replication could take place."

Vassord said the design of Miscrosoft Outlook left it open to viruses such as the love bug because it has features that can be easily manipulated by attackers.

While most companies have e-mail policies in place that do not include the direct monitoring of employee messages, food company Pauls Limited claims it was not affected by the virus because of the tight network controls it enforces.

Paul's client services manager, Guy Stocker, said the company was not hit by the virus because staff do not have immediate access to attachments.

"All attachments for Word, Excel and PowerPoint are quarantined so the sender and receiver can be notified before it is released," Stocker explained.

"Staff cannot have ISP accounts, Hotmail or CD drives and our SAP server always comes first."

And Greyhound Pioneer Australia, which uses Groupwise, believes Microsoft is definitely more vulnerable to the spread of viruses.

"Groupwise isn't that well known so people don't freely write viruses for it the way they do for Microsoft," Greyhound spokeswoman Julianne Cumberford said.

However, some IT managers disagree.

Tristan Chiu, operations manager at George Weston Foods, said the danger is the same whether you are a Microsoft user or not.

"Microsoft is not the issue, it just comes down to diligently updating your antivirus software and being wary of attachments," he said.

Join the newsletter!

Error: Please check your email address.

More about BHP BillitonColes GroupGatewayGeorge Weston FoodsMicrosoftQantasQantas AirwaysSAP Australia

Show Comments

Market Place