eDiscovery Daily Blog

eDiscovery Best Practices: Checking for Malware is the First Step to eDiscovery Processing

 

A little over a month ago, I noted that we hadn’t missed a (business) day yet in publishing a post for the blog.  That streak almost came to an end last week.

As I often do in the early mornings before getting ready for work, I spent some time searching for articles to read and identifying potential blog topics and found a link on a site related to “New Federal Rules”.  Curious, I clicked on it and…up popped a pop-up window from our virus checking software (AVG Anti-Virus, or so I thought) that the site had found a file containing a “trojan horse” program.

The odd thing about the pop-up window is that there was no “Fix” button to fix the trojan horse.  There were only choices to “Ignore” the virus or “Move it to the Vault”.  So, I chose the best available option to move it to the vault.

Then, all hell broke loose.

I received error messages that my hard drive had corrupted, that my RAM was maxed – you name it.

Turns out the trojan horse had provided a “rogue” pop-up window, designed to look like AVG Anti-Virus, to dupe me into activating the program by clicking on a button.  If you studied the Trojan War in school, you know that’s why they call it a “trojan horse” – it fools you into letting it into your system.

While it’s common to refer to all types of malware as “viruses”, a computer virus is only one type of malware.  Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs.  A report from Symantec published in 2008 suggested that “the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications”.

I’ve worked with a lot of clients who don’t understand why it can take time to get ESI processed and loaded into their review platform.  Depending on the types of files, several steps can be required to get the files ready to review, including “unarchiving” of container files, OCR (of image-only files) and, of course, indexing of the files for searchability (among other possible steps).  But the first step is to scan the files for viruses and other malware that may be infecting them.  If malware is found in any files, those files have to be identified.  Then, they will either be isolated and logged as exceptions, or the antivirus software will attempt to remove the malware.  While it may seem logical that the malware should always be removed, doing so is technically altering the file, so counsel need to agree that malware removal is acceptable.  Either way, the malware needs to be addressed so that it doesn’t affect the entire collection.
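Here is a sketch of the “isolate and log as exceptions” branch of that first step, added as an illustration and not taken from this blog or from any vendor’s processing pipeline. It assumes the ClamAV `clamscan` command-line scanner is installed; the function names, quarantine file naming and CSV columns are hypothetical choices. Each file is hashed before it is touched, and flagged files are moved without any disinfection, so the exception log can show they were not altered.

```python
import csv
import hashlib
import shutil
import subprocess
from pathlib import Path

def sha256_of(path):
    """Hash the file so the exception log can prove it was not altered."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def clamscan_file(path):
    """Return the signature name if ClamAV flags the file, else None.
    Assumes the clamscan CLI is installed; exit code 1 means a detection."""
    proc = subprocess.run(["clamscan", "--no-summary", str(path)],
                          capture_output=True, text=True)
    if proc.returncode == 1:
        # Detection lines look like "<path>: <signature> FOUND"
        sig = proc.stdout.strip().splitlines()[-1].rsplit(": ", 1)[-1]
        return sig[:-len(" FOUND")] if sig.endswith(" FOUND") else sig
    if proc.returncode != 0:
        raise RuntimeError(f"scan error on {path}: {proc.stderr.strip()}")
    return None

def triage(collection, quarantine, log_csv, scan=clamscan_file):
    """Scan every file; isolate flagged ones unmodified and log them as exceptions."""
    collection, quarantine = Path(collection), Path(quarantine)
    quarantine.mkdir(parents=True, exist_ok=True)  # must sit outside the collection
    clean, exceptions = [], []
    for path in sorted(p for p in collection.rglob("*") if p.is_file()):
        digest = sha256_of(path)             # recorded before the file is touched
        signature = scan(path)
        if signature is None:
            clean.append(path)
            continue
        dest = quarantine / f"{digest[:16]}_{path.name}"
        shutil.move(str(path), str(dest))    # isolate only; no removal attempted
        if sha256_of(dest) != digest:
            raise RuntimeError(f"{path} changed during quarantine")
        exceptions.append({"original_path": str(path.relative_to(collection)),
                           "sha256": digest, "signature": signature,
                           "quarantined_as": dest.name})
    with open(log_csv, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=["original_path", "sha256",
                                                "signature", "quarantined_as"])
        writer.writeheader()
        writer.writerows(exceptions)
    return clean, exceptions
```

The `scan` parameter accepts any callable that returns a signature name or `None`, so the same triage and logging can be exercised with a stub scanner on constructed test files before it is pointed at a real collection.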

As for me, as soon as the infection was evident, I turned my laptop off and turned it over to our support department at Trial Solutions.  By the end of the day, I had it back, good as new!  Thanks, Tony Cullather!

So, what do you think?  How do you handle malware in your collections?   Please share any comments you might have or if you’d like to know more about a particular topic.
