

33 posts

Geek


  Reply # 601284 28-Mar-2012 13:55

Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 



33 posts

Geek


  Reply # 601285 28-Mar-2012 13:56

I do use sipdroid on my android.  That would be the hole?

3558 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601297 28-Mar-2012 14:12

No I don't think so, how they got your details is unknown but as in the PM I sent you, they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere?




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



33 posts

Geek


  Reply # 601308 28-Mar-2012 14:21

maverick: No I don't think so, how they got your details is unknown but as in the PM I sent you, they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere?


No.   All my email is instantly forwarded to my gmail account,  I've changed my gmail password (which was strong).  "Show an alert for unusual activity" on my gmail account is active and I haven't had any Alerts.  Past 10 IP traffic logs have been from my IP address.

1008 posts

Uber Geek
+1 received by user: 8

Subscriber

  Reply # 601374 28-Mar-2012 16:12

scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up a lot of things that Malwarebytes would detect.



33 posts

Geek


  Reply # 601549 28-Mar-2012 20:40

Skolink:
scoopy:
Ragnor:
maverick: It is Option A


I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.


 


All computers seem to be clean.  All virus definitions were one day old at most.  Virus scanners are still running on some.  Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . .  ever!

 


But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up a lot of things that Malwarebytes would detect.


OK,
  • No viruses, 
  • no Malware running according to Malwarebytes (now monitoring on all the computers on the network).  
  • No suspicious behaviour alerts from Google.  
  • Have checked my Xnet email with my username and password.  It was never forwarded or sent anywhere.  
  • I've run anti virus software on my phone and tablet.  
Everything is clean!!!!

Is there any chance that the breach wasn't initiated at my end? 

3558 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601660 29-Mar-2012 05:49

We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently, most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we can't tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.







33 posts

Geek


  Reply # 601682 29-Mar-2012 08:15

maverick: We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently, most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we can't tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.


If this is fraud should I be contacting the Police? 

3558 posts

Uber Geek
+1 received by user: 60

Trusted
WorldxChange

  Reply # 601683 29-Mar-2012 08:19

That will be purely up to you, I doubt they will have the resources to investigate it though.







33 posts

Geek


  Reply # 601921 29-Mar-2012 13:59

Good news and bad news!

So it seems that there is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 

327 posts

Ultimate Geek
+1 received by user: 3

Trusted
WorldxChange

  Reply # 601923 29-Mar-2012 14:00

After a little investigation it looks like the device being used may have been exploited. 

If anyone else out there is using a Yealink device I would recommend updating the firmware quick smart. 

http://www.gradwell.com/support/kb/article.php?id=371 - link to security concerns. 







327 posts

Ultimate Geek
+1 received by user: 3

Trusted
WorldxChange

  Reply # 601924 29-Mar-2012 14:00

scoopy: Good news and bad news!

So it seems that there is a Security Vulnerability affecting Yealink phones.  http://www.gradwell.com/support/kb/article.php?id=371  that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now.  Thanks everyone for your input. 


You beat me to it :)  







7756 posts

Uber Geek
+1 received by user: 318

Trusted
Subscriber

  Reply # 601953 29-Mar-2012 14:57

Good to get peace of mind on how the account got compromised!



33 posts

Geek


  Reply # 601954 29-Mar-2012 14:59

Ragnor: Good to get peace of mind on how the account got compromised!


Aaaaahhhh Yeeesssss!!!!

Not much sleep last night! 

493 posts

Ultimate Geek
+1 received by user: 2


  Reply # 602628 30-Mar-2012 17:00

Perhaps a mod can change the title of this thread to "Yealink exploit cost me $400" or something?
