Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


33 posts

Geek


  Reply # 601284 28-Mar-2012 13:55 Send private message

Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 



33 posts

Geek


  Reply # 601285 28-Mar-2012 13:56 Send private message

I do use sipdroid on my android.  That would be the whole?

3551 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601297 28-Mar-2012 14:12 Send private message

No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601308 28-Mar-2012 14:21 Send private message

maverick: No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?


No.   All my email is instantly forwarded to my gmail account,  I've changed my gmail password (with was strong).  "Show an alert for unusual activity" on my gmail account is active and I haven't had any Alerts.  Past 10 IP traffic logs has been from my IP address.   

999 posts

Ultimate Geek
+1 received by user: 8

Subscriber

  Reply # 601374 28-Mar-2012 16:12 Send private message

scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.



33 posts

Geek


  Reply # 601549 28-Mar-2012 20:40 Send private message

Skolink:
scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.


OK,
  • No viruses, 
  • no Malware running according to Malwarebytes (now monitoring on all the computers on the network).  
  • No suspicious behaviour alerts from Google.  
  • Have checked my Xnet email with my username and password.  It was never forwarded or sent anywhere.  
  • I've run anti virus software on my phone and tablet.  
Everything is clean!!!!

Is there any chance that the breach wasn't initiated at my end? 

3551 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601660 29-Mar-2012 05:49 Send private message

We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601682 29-Mar-2012 08:15 Send private message

maverick: We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.


If this is fraud should I be contacting the Police? 

3551 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601683 29-Mar-2012 08:19 Send private message

That will be purely up to you, I doubt they will have the resources to investigate it though




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601921 29-Mar-2012 13:59 Send private message

Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 

304 posts

Ultimate Geek

Trusted
WorldxChange

  Reply # 601923 29-Mar-2012 14:00 Send private message

After a little investigation it looks like the device being used may have been exploited. 

If anyone else out there is using a Yealink device I would recommend updating the firmware quick smart. 

http://www.gradwell.com/support/kb/article.php?id=371 - link to security concerns. 







304 posts

Ultimate Geek

Trusted
WorldxChange

  Reply # 601924 29-Mar-2012 14:00 Send private message

scoopy: Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 


You beat me to it :)  







7528 posts

Uber Geek
+1 received by user: 235

Trusted
Subscriber

  Reply # 601953 29-Mar-2012 14:57 Send private message

Good to get peace of mind on how the account got compromised!



33 posts

Geek


  Reply # 601954 29-Mar-2012 14:59 Send private message

Ragnor: Good to get peace of mind on how the account got compromised!


Aaaaahhhh Yeeesssss!!!!

Not much sleep last night! 

397 posts

Ultimate Geek


  Reply # 602628 30-Mar-2012 17:00 Send private message

Perhaps a mod can change the title of this thread to "Yealink exploit cost me $400" or something ?

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic








Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Forms of government for New Zealand
Created by charsleysa, last reply by Geektastic on 20-Apr-2014 15:40 (118 replies)
Pages... 6 7 8


MH370 - Call for Search & Rescue Help
Created by DS248, last reply by Sideface on 17-Apr-2014 17:28 (735 replies)
Pages... 47 48 49


why does the tax payer have to pay for the prince and princess' 6 star holiday?
Created by joker97, last reply by Geektastic on 17-Apr-2014 15:49 (67 replies)
Pages... 3 4 5


galaxy s4 now on 4.4.2
Created by nzrock, last reply by jeffnz on 20-Apr-2014 14:10 (59 replies)
Pages... 2 3 4


Whats the best wife friendly media centre?
Created by amorpeth, last reply by jonolynn on 19-Apr-2014 20:20 (14 replies)

Snap suffering Trans-Tasman congestion 18/04?
Created by Lias, last reply by NonprayingMantis on 19-Apr-2014 00:05 (26 replies)
Pages... 2


Help ! Home business connection and VDSL dead. yikes.
Created by Scotsman, last reply by Scotsman on 17-Apr-2014 21:10 (26 replies)
Pages... 2


TVNZ on Demand Jailbreak Detection
Created by TranceManNZ, last reply by hio77 on 18-Apr-2014 20:25 (12 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.