Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


33 posts

Geek


  Reply # 601284 28-Mar-2012 13:55 Send private message

Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 



33 posts

Geek


  Reply # 601285 28-Mar-2012 13:56 Send private message

I do use sipdroid on my android.  That would be the whole?

3551 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601297 28-Mar-2012 14:12 Send private message

No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601308 28-Mar-2012 14:21 Send private message

maverick: No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?


No.   All my email is instantly forwarded to my gmail account,  I've changed my gmail password (with was strong).  "Show an alert for unusual activity" on my gmail account is active and I haven't had any Alerts.  Past 10 IP traffic logs has been from my IP address.   

999 posts

Ultimate Geek
+1 received by user: 8

Subscriber

  Reply # 601374 28-Mar-2012 16:12 Send private message

scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.



33 posts

Geek


  Reply # 601549 28-Mar-2012 20:40 Send private message

Skolink:
scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.


OK,
  • No viruses, 
  • no Malware running according to Malwarebytes (now monitoring on all the computers on the network).  
  • No suspicious behaviour alerts from Google.  
  • Have checked my Xnet email with my username and password.  It was never forwarded or sent anywhere.  
  • I've run anti virus software on my phone and tablet.  
Everything is clean!!!!

Is there any chance that the breach wasn't initiated at my end? 

3551 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601660 29-Mar-2012 05:49 Send private message

We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601682 29-Mar-2012 08:15 Send private message

maverick: We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.


If this is fraud should I be contacting the Police? 

3551 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601683 29-Mar-2012 08:19 Send private message

That will be purely up to you, I doubt they will have the resources to investigate it though




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601921 29-Mar-2012 13:59 Send private message

Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 

304 posts

Ultimate Geek

Trusted
WorldxChange

  Reply # 601923 29-Mar-2012 14:00 Send private message

After a little investigation it looks like the device being used may have been exploited. 

If anyone else out there is using a Yealink device I would recommend updating the firmware quick smart. 

http://www.gradwell.com/support/kb/article.php?id=371 - link to security concerns. 







304 posts

Ultimate Geek

Trusted
WorldxChange

  Reply # 601924 29-Mar-2012 14:00 Send private message

scoopy: Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 


You beat me to it :)  







7532 posts

Uber Geek
+1 received by user: 236

Trusted
Subscriber

  Reply # 601953 29-Mar-2012 14:57 Send private message

Good to get peace of mind on how the account got compromised!



33 posts

Geek


  Reply # 601954 29-Mar-2012 14:59 Send private message

Ragnor: Good to get peace of mind on how the account got compromised!


Aaaaahhhh Yeeesssss!!!!

Not much sleep last night! 

397 posts

Ultimate Geek


  Reply # 602628 30-Mar-2012 17:00 Send private message

Perhaps a mod can change the title of this thread to "Yealink exploit cost me $400" or something ?

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic








Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Telecom introduces unlimited broadband data plan
Created by freitasm, last reply by kawaii on 25-Apr-2014 04:42 (100 replies)
Pages... 5 6 7


Stonedine
Created by Lizard1977, last reply by mattwnz on 24-Apr-2014 15:45 (67 replies)
Pages... 3 4 5


Auckland Transport Hop card - look out for errors
Created by robjg63, last reply by sbiddle on 24-Apr-2014 20:48 (21 replies)
Pages... 2


Windows 8 System Mechanics
Created by eme, last reply by eme on 24-Apr-2014 21:10 (20 replies)
Pages... 2


Using my Mac to ring family in the UK
Created by Geektastic, last reply by nakedmolerat on 24-Apr-2014 11:28 (19 replies)
Pages... 2


Telecom has started metering their TiVo customers' broadband usage (WITHOUT PRENOTIFICATION)
Created by Peteriv, last reply by mattwnz on 24-Apr-2014 15:11 (74 replies)
Pages... 3 4 5


Forms of government for New Zealand
Created by charsleysa, last reply by gzt on 24-Apr-2014 21:36 (176 replies)
Pages... 10 11 12


Parallel imported product
Created by Wills1, last reply by joker97 on 23-Apr-2014 21:01 (53 replies)
Pages... 2 3 4



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.