IT chief: Fake city e-mails no worry

-A A +A

Says defensive software stripped virus from fraudulent attachments

By Mark Manicone

A virus affected the city of Lancaster’s e-mail server Tuesday morning, causing random e-mail addresses associated with the city to send out messages with attachments intended to infect other computers.

But the scheme didn’t work, said city IT Director Jarvis Driggers. There is no danger to anyone who received the e-mails or clicked on attachments, he said, because the city’s anti-virus software “stripped the virus off the documents.”

“The software stripped it off the outgoing attachment, so the end user would’ve only seen a blank document,” he said.

Driggers referred to the virus as a “Zero Day Virus” – a totally new virus that security software can’t protect against yet. The city updates its virus protection every Sunday in order to combat constant viral threats.

“All the security companies have never seen it before,” he said. “They’re in the process of making a patch to address it, and apply it nationwide.

“It happened at 8 a.m., and we had all accounts blocked by 8:45. Because we were able to block it quickly, it didn’t affect the database,” he said. “The only thing it attacked was the e-mail, sending out these attachments.”

The e-mails this virus sent out took the form of previously sent or forwarded messages rebranded as new messages from a new e-mail address.

For example, an actual October e-mail from City Clerk Tracy Rabon about a city grievance hearing was sent again, except from the e-mail address of Mayor Pro Tem Tamara Green Garris.

City Administrator Flip Hutfles said there was no hacking or breach of the city’s computer system, and that no information was stolen or compromised.

“We were able to quarantine the system, and lost no data,” he said.

Hutfles first noticed something was wrong Tuesday morning after receiving suspicious e-mails from the municipal court and a dispatcher.

The county took no risks and blocked all e-mails from the city to county officials on Tuesday, County Administrator Steve Willis said.

“We’re telling everybody if you have to do business with anybody at the city, pick up the phone and call them,” Willis said. “Don’t try e-mailing them because our e-mails won’t go through to them and their e-mails won’t come to us, until they can kind of get a handle on what they’ve got going on.

“We have not been hit. Obviously with the city being hit they’re now going to be on high alert for the next couple days because if someone clicked a city attachment, that’s all it would take for us to get infected,” he said.

“We could be hit tomorrow with something totally different…. It’s always a crapshoot. We do the best we can and go from there.”