We have two servers at work that have repeatedly been wiped out. And by wiped out, I'm talking about the whole hard drive being wiped clean, no files, no folders, nothing. These servers have the latest patches, virus signatures etc. and they are brand new. The one thing we do know is that our employees do store their downloads and consequently music files on these servers (this is against company policy, but we don't have the technology to stop it in real-time).

Anyhow, I'm wondering if there is a DRM-related trojan out there that could be responsible for this. Maybe something that would mess with the partition table of the drive? I would presume that our virus scanners would not catch such a trojan because it would not be classified as a virus per-se.

Of course, if this can happen at work, it can also happen at home with my iPod, I suppose. Has anyone run across something like this?

Yep. I've seen it many times (being in IT myself) and it even happened to MY computer a few years ago when Napster was popular.

I wouldn't think that anything downloaded from any reputable site (iTunes, MSN Music, etc...) would do that, but on the sharing sites..definitely.

There are files disguised as mp3's (ie. file.mp3.exe) that could do this. Presumeably you have redundancy in your servers that will bail you out. If I ran your IT department, I'd make a technological line of defense against this secondary to an older school line of defense - any file sharing software or non work related data stored in company servers can result in immediate termination. If your servers really were wiped out by a virus disguised as an mp3, you have only your own IT policy to blame.

We have a fairly comprehensive virus scanning policy, so I'm not sure this was a comon virus. The only thing I can think of is that this is a file that was "allowed" by the virus scanners for some reason. Also, we have a script that deletes music and movie files every night, but that does not keep people from saving them initially. While I understand the IT's desire to seriously punish offenders, that is not always the policy that management wants to adopt. Besides, we need more than a hunch or suspicion that this is the reason the server crashed.

Can anyone be more specific about what kinds of trojans do this that have been found with music downloads?

Let's not forget, if the RIAA decides to enforce the law against illegal music downloading...they can bring down some hefty fines and legal fees. If that happens, heads will roll in your IT dept.

And please don't think I'm trying to be the 'download police'...I'm all for downloading music...I'm giving you this advice as a fellow (former, actually!) IT guy.

They are laying the smack down on 12 year olds who download a few songs...imagine what they would do to a corporation full of downloaders!

Its the first time i've heard this, but mp3's aren't executable files so i can't see a file with a solo .mp3 file ext. being the culprit. Like mentioned above people can add file extensions to the mp3 tag (ie. file.mp3.exe) and the .exe extention can be hidden by the Operating System which i assume you're using XP. I just did an experiment on my computer while reading this thread and you can try it, it's fairly easy.

Copy/Paste any old mp3 file to your desktop.

In your folder options click the "view" tab, scroll down and make sure the box beside "hide extensions of known file types" is unchecked.

Go to your mp3 file you added to your desktop and rename it 1.mp3.exe

Now, go back to your folder options, click the view tab, and recheck the box beside "hide extensions of known file types".

Now look at your mp3 file on your desktop, it should show 1.mp3 and the .exe file extension is hidden.

The default XP setting is to hide extensions for known file types, so after you download one of these files with a hidden extension from a P2P network, its a timebomb waiting for someone to execute it. So when someone clicks their music file to play it, they unleash a world of hell on your server. This method or virus attaching isn't limited to mp3's, but also pictures (.jpg) and also movies (.mpg, .avi) etc.

Be happy that only your HDD was wiped clean, that might sound harsh, but there are far nastier things that virii can do other than delete data. Backdoors give the "hacker" remote access to your server regardless of its security measures, they can log and distribute passwords, pin #'s, credit card #'s, they can also replicate themselves as seemingly harmless files and cause damage/annoyances for long periods of time until your only option is to reformat the system.

There should be some Administrator settings available to prevent the installation of P2P/target programs on your network, we have them in place at the college i go to. It isn't a foolproof security measure since it takes a bit of computer knowhow to bypass it, but it would deter a large percentage of people from installing unwanted material on your system, and the small percentage of people who can bypass the setting can be delt with strictly.


Wayne