Geekzone: technology news, blogs, forums

33 posts

Geek


  Reply # 601284 28-Mar-2012 13:55

Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 



33 posts

Geek


  Reply # 601285 28-Mar-2012 13:56

I do use sipdroid on my android. That would be the hole?

3570 posts

Uber Geek
+1 received by user: 62

Trusted
WorldxChange

  Reply # 601297 28-Mar-2012 14:12

No I don't think so, how they got your details is unknown but as in the PM I sent you, they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere?




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601308 28-Mar-2012 14:21

maverick: No I don't think so, how they got your details is unknown but as in the PM I sent you, they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere?


No. All my email is instantly forwarded to my gmail account, I've changed my gmail password (which was strong). "Show an alert for unusual activity" on my gmail account is active and I haven't had any Alerts. Past 10 IP traffic logs have been from my IP address.

1013 posts

Uber Geek
+1 received by user: 8

Subscriber

  Reply # 601374 28-Mar-2012 16:12

scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up a lot of things that Malwarebytes would detect.



33 posts

Geek


  Reply # 601549 28-Mar-2012 20:40

Skolink:
scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up a lot of things that Malwarebytes would detect.


OK,
  • No viruses, 
  • no Malware running according to Malwarebytes (now monitoring on all the computers on the network).  
  • No suspicious behaviour alerts from Google.  
  • Have checked my Xnet email with my username and password.  It was never forwarded or sent anywhere.  
  • I've run anti virus software on my phone and tablet.  
Everything is clean!!!!

Is there any chance that the breach wasn't initiated at my end? 

3570 posts

Uber Geek
+1 received by user: 62

Trusted
WorldxChange

  Reply # 601660 29-Mar-2012 05:49

We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently, most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we can't tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.







33 posts

Geek


  Reply # 601682 29-Mar-2012 08:15

maverick: We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently, most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we can't tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.


If this is fraud should I be contacting the Police? 

3570 posts

Uber Geek
+1 received by user: 62

Trusted
WorldxChange

  Reply # 601683 29-Mar-2012 08:19

That will be purely up to you, I doubt they will have the resources to investigate it though







33 posts

Geek


  Reply # 601921 29-Mar-2012 13:59

Good news and bad news!

So it seems that there is a Security Vulnerability affecting Yealink phones. http://www.gradwell.com/support/kb/article.php?id=371 that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 

332 posts

Ultimate Geek
+1 received by user: 3

Trusted
WorldxChange

  Reply # 601923 29-Mar-2012 14:00

After a little investigation it looks like the device being used may have been exploited. 

If anyone else out there is using a Yealink device I would recommend updating the firmware quick smart. 

http://www.gradwell.com/support/kb/article.php?id=371 - link to security concerns. 







332 posts

Ultimate Geek
+1 received by user: 3

Trusted
WorldxChange

  Reply # 601924 29-Mar-2012 14:00

scoopy: Good news and bad news!

So it seems that there is a Security Vulnerability affecting Yealink phones. http://www.gradwell.com/support/kb/article.php?id=371 that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 


You beat me to it :)  







7853 posts

Uber Geek
+1 received by user: 353

Trusted
Subscriber

  Reply # 601953 29-Mar-2012 14:57

Good to get peace of mind on how the account got compromised!



33 posts

Geek


  Reply # 601954 29-Mar-2012 14:59

Ragnor: Good to get peace of mind on how the account got compromised!


Aaaaahhhh Yeeesssss!!!!

Not much sleep last night! 

502 posts

Ultimate Geek
+1 received by user: 2


  Reply # 602628 30-Mar-2012 17:00

Perhaps a mod can change the title of this thread to "Yealink exploit cost me $400" or something?
