Linked by Andrew Youll on Sat 4th Feb 2006 14:15 UTC
Bugs & Viruses
Trading was suspended for an hour at Russia's main stock exchange because of a computer virus, the Russian Trading Systems, or RTS, said Friday. Data processing was paralyzed late Thursday afternoon as specialists rushed to localize the virus and switch off the infected computer, according to a statement from the exchange. No permanent damage was caused and no information was lost. Spokeswoman Zoya Konovkova said it was not clear what virus had led to the shutdown. According to RTS vice president Dmitry Shatskoi, the virus entered the system via a computer used to test new software, which was connected to the Internet.
Serious problem...
by 1c3d0g on Sat 4th Feb 2006 15:47 UTC
1c3d0g
Member since:
2005-07-06

The person who committed this very irresponsible act should be fired immediately. This should never happen again, and I believe a thorough review of the Exchange's security policy is in place, and some measures to prevent this type of incident will have to be added as well.

Reply Score: 1

Questions
by MikeGA on Sat 4th Feb 2006 15:53 UTC
MikeGA
Member since:
2005-07-22

Two Questions:

1. Why on Earth is the Stock Exchange in Russia running a Windows machine? Surely for something as critical as this you want a proper Unix or Linux system that is totally locked down?

2. They said the problem was that the machine was generating too much parasitic network traffic for their routers to cope. If it really was one machine, should just one computer running flat out be able to take down the router that's supposed to handle a large portion of their network?

Reply Score: 4

RE: Questions
by helf on Sat 4th Feb 2006 16:54 UTC in reply to "Questions"
helf Member since:
2005-07-06

Well, this IS Russia ;D Could have been a single 10mbit router ;D

(and I'm joking, before anyone flames me...)

Reply Score: 2

RE: Questions
by rx182 on Sat 4th Feb 2006 17:13 UTC in reply to "Questions"
RE[2]: Questions
by DeadFishMan on Sun 5th Feb 2006 02:56 UTC in reply to "RE: Questions"
DeadFishMan Member since:
2006-01-09

"Do they really use Windows? Stop trolling and give me your sources."

Oh, puhleeeeze! The article specifically mentions the Kama Sutra virus. Which OS is the target of that virus once again?

(Geez! I didn't see SUCH question coming...)

Reply Score: 2

RE: Questions
by Celerate on Sat 4th Feb 2006 17:26 UTC in reply to "Questions"
Celerate Member since:
2005-06-29

"They said the problem was that the machine was generating too much parasitic network traffic for their routers to cope. If it really was one machine, should just one computer running flat out be able to take down the router that's supposed to handle a large portion of their network?"

It does say they didn't know which computer was infected and the reason they had to shut down was because that unknown computer was flooding their router(s). If they had known which computer was infected I doubt they would have had so much downtime if any. What surprises me is that they didn't have some sort of redundant backup system, for something as important to people as a stock exchange you'd think for sure there'd be a backup.

Reply Score: 2

RE[2]: Questions
by Tyr. on Sat 4th Feb 2006 17:52 UTC in reply to "RE: Questions"
Tyr. Member since:
2005-07-06

"It does say they didn't know which computer was infected and the reason they had to shut down was because that unknown computer was flooding their router(s). If they had known which computer was infected I doubt they would have had so much downtime if any. What surprises me is that they didn't have some sort of redundant backup system, for something as important to people as a stock exchange you'd think for sure there'd be a backup."

Well there could have been a backup system. Maybe it just took an hour to switch over, lord knows failovers don't always go as smoothly as they should.

What boggles my mind is that they have a computer sitting there with access to their core network connected to the internet. Haven't these people heard of a DMZ? Then there's the fact that they are running tests in a production environment. And what kind of financial software connects over the internet anyway - that should use something like Radianz lines.

If I were caught being equally negligent at work I would be out on the street in a heartbeat.

Edited for spelling.

Edited 2006-02-04 17:56

Reply Score: 2

RE: Questions
by Sphinx on Sat 4th Feb 2006 17:42 UTC in reply to "Questions"
Sphinx Member since:
2005-07-09

3. Did they get those nude pictures of Miss Lebanon 2006?

Reply Score: 1

RE: Questions
by Dark_Knight on Sat 4th Feb 2006 17:53 UTC in reply to "Questions"
Dark_Knight Member since:
2005-07-10

Re: "1. Why on Earth is the Stock Exchange in Russia running a Windows machine? Surely for something as critical as this you want a proper Unix or Linux system that is totally locked down?"

A lot of this comes down to what software is being used for Russia's stock exchange system. As well how knowledgeable their I.T. Support staff are. It's possible that the current software doesn't run on Wine or is not ported to Linux at this time. Though I do believe as so many other companies have learned that even having Linux used for the server which feeds the network would have provided better security.

Re: "2. They said the problem was that the machine was generating too much parasitic network traffic for their routers to cope. If it really was one machine, should just one computer running flat out be able to take down the router that's supposed to handle a large portion of their network?"

While Russia's economy is still rebuilding it would be a good idea for them to use companies such as IBM, Novell, etc to help build a strong network. For one computer to cause an entire network to fail is unacceptable. The technology and information is already present to prevent such occurrences.

Edited 2006-02-04 18:03

Reply Score: 2

RE[2]: Questions
by ma_d on Sat 4th Feb 2006 20:22 UTC in reply to "RE: Questions"
ma_d Member since:
2005-06-29

They should probably write their own software for it anyway... And if they started out on Windows 12 years ago, well, then they're lucky they're still a country ;) .

Or at least only buy software from a company which doesn't write single platform only code... Stock exchanges are too important to be left up to one company for the needed platform!

Reply Score: 1

ouch baby ouch
by SEJeff on Sat 4th Feb 2006 16:59 UTC
SEJeff
Member since:
2005-11-05

You would *really* think that something as critical as the stock exchange would have serious computer security in place with proactive policies to prevent problems like this from happening. Forget being fired, the people responsible for this should be jailed. Even if accidental due to extreme neglect, this is economic sabotage. If only they did like people in the US stock exchange:
http://news.com.com/2100-1016_3-1014287.html
http://www.wallstreetandtech.com/showArticle.jhtml?articleID=604050...
http://www.guardiandigital.com/company/casestudies/stock.html

Reply Score: 1

RE: ouch baby ouch
by TaterSalad on Sat 4th Feb 2006 17:30 UTC in reply to "ouch baby ouch"
TaterSalad Member since:
2005-07-06

Those are some dangerous words you are posting there. Just switching to linux doesn't mean automatic security. All it takes is one open port, one guessed password, one simple exploit no matter what the platform. Switching to linux isn't the end all be all for security problems.

Reply Score: 5

RE[2]: ouch baby ouch
by Sphinx on Sat 4th Feb 2006 17:44 UTC in reply to "RE: ouch baby ouch"
Sphinx Member since:
2005-07-09

Yes, you must eliminate the carbon based life forms for absolute security.

Reply Score: 4

RE: ouch baby ouch
by Celerate on Sat 4th Feb 2006 18:03 UTC in reply to "ouch baby ouch"
Celerate Member since:
2005-06-29

That's way too extreme, neither of you two know the circumstances behind this. What if the guy had to run the software connected to the internet so it could be fed the information it needed and what if it needed to be connected to the other computers to perform its function(s). Bean counters don't always budget in for proper test environment that's separate from the working machines, in fact too often in business you're constrained to the least possible resources possible so the guys on top get fatter paychecks.

And how could he have known there was a virus on the system, they couldn't name it so maybe it's new or worse yet was specially designed just for this. If it's not something that was known of before then AV software wouldn't have had much of a chance to detect its presence. There's also a problem with watching for virus-like behaviour, and that is that it's not guaranteed to do anything obvious while you're watching it, usually viruses have a trigger that causes them to start doing whatever it was they were designed to do.

It's easy to bite the guy's head off and call him incompetent, especially when you don't know the circumstances under which this happened. This reminds me of the airline industry where pilots tend to be fired if their planes ever crash, even if it's because of a technological malfunction or sometimes just something left on the runway.

Reply Score: 1

RE[2]: ouch baby ouch
by Celerate on Sat 4th Feb 2006 18:04 UTC in reply to "RE: ouch baby ouch"
Celerate Member since:
2005-06-29

Sorry, wrong thread. This was supposed to go with the "Serious problem..." thread.

Reply Score: 1

RE[3]: ouch baby ouch
by Celerate on Sat 4th Feb 2006 18:05 UTC in reply to "RE[2]: ouch baby ouch"
Celerate Member since:
2005-06-29

On second thought, it does apply to the parent for this thread too.

Reply Score: 1

Kill 'em all !
by agentj on Sat 4th Feb 2006 19:02 UTC
RE: Kill 'em all !
by suryad on Mon 6th Feb 2006 17:49 UTC in reply to "Kill 'em all !"
suryad Member since:
2005-07-09

Actually I think it is hilarious. This virus reflects a social issue more than anything else and the guy was simply exploiting the sweet bejesus out of it! LOL think about it this way. The virus I am not sure but it works through some pr0n you are trying to download or view right? Haha that is hilarious...wtf do you need to go look for pr0n!?!? Don't you have women at home like your wife or girlfriend?! It's no fun looking at pr0n when the real thing is so accessible of course in legit ways like when you are in a relationship. I think this is one of the best viruses ever written!

Reply Score: 1

This happens always in Enterprise
by hraq on Sat 4th Feb 2006 20:28 UTC
hraq
Member since:
2005-07-06

This happens always in the enterprise, but the stories do not reach readers until the affected party is huge like in this case the stock exchange market.
Servers' hardware and software are so complicated, making malfunctioning chances greater. There is a trend nowadays to go to reduced features but reliable ones in software. IT experts suggest to get something lean, very lean and run only necessary software on top of it, to be able to get the problem more quickly when it happens by narrowing the search area for such an offense.
Now Windows doesn't allow you to do this; you cannot for example strip Windows not to have GUI, but you can do this with any Unix, Linux OSs.

My Advice to the team would be:

1. Run a proven Unix OS on your mission critical servers: Solaris, AIX or HP-UX; Linux is my 2nd choice (RHEL or SUSE enterprise)
2. Invest in redundancy: from hardware to software.
eg: Routers Redundancy, Fiber Optic Storage, Complete systems, PSUs, UPSs, ...
3. Run Unix certified software: Oracle, IBM DB2, SAP, Sun software, ...
4. If you need Windows desperately, then let it run behind a Unix/Linux Router/Proxy
5. Hire decent Unix/Linux certified administrators who will be able to watch for and predict failures on a daily basis.
6. Get a consulting firm now and then to advise you on how to scale up, clean up your servers and to update your software safely.

I know this is expensive, but remember this: "To make money you need to spend money". And Good Luck after all

Reply Score: 3

Saquatch666
Member since:
2006-01-02

as the Ruskies, the net slowed to a dead crawl here today and this is the first time I have been able to do anything productive all day long on the net. Of course here I run Linux or BeOS so my machines haven't even flinched. And yes, I agree that they shouldn't have been running a financial institution with an insecure test platform wired into their network. Do they still take people out back and shoot them for screwing up over in Russia?

Reply Score: 1