My Open VFX connection hacked!!!

Forums › VoIP › My Open VFX connection hacked!!!

1 | 2

scoopy

33 posts

Geek

#601284 28-Mar-2012 13:55

Ragnor:
maverick: It is Option A

I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.

All computers seem to be clean. All virus definitions were one day old at most. Virus scanners are still running on some. Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . . ever!

Wellington Web Design - Vision Web Design

scoopy

33 posts

Geek

#601285 28-Mar-2012 13:56

I do use sipdroid on my android. That would be the whole?

Wellington Web Design - Vision Web Design

maverick

3594 posts

Uber Geek
+1 received by user: 80

Trusted

WorldxChange

#601297 28-Mar-2012 14:12

No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

scoopy

33 posts

Geek

#601308 28-Mar-2012 14:21

maverick: No I don't think so, how they got your details is unknown but as in the PM i sent you , they had your exact details with authid at the first attempt so they have your details as it was not a brute force attack, did you store this anywhere ?

No. All my email is instantly forwarded to my gmail account, I've changed my gmail password (with was strong). "Show an alert for unusual activity" on my gmail account is active and I haven't had any Alerts. Past 10 IP traffic logs has been from my IP address.

Wellington Web Design - Vision Web Design

Skolink

1081 posts

Uber Geek
+1 received by user: 32

#601374 28-Mar-2012 16:12

scoopy:
Ragnor:
maverick: It is Option A

I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.

All computers seem to be clean. All virus definitions were one day old at most. Virus scanners are still running on some. Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . . ever!

But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.

scoopy

33 posts

Geek

#601549 28-Mar-2012 20:40

Skolink:
scoopy:
Ragnor:
maverick: It is Option A

I'd advise Scoopy unplug all computers from the internet and the local network until you have verified they are clean from keyloggers/trojans/virus.

All computers seem to be clean. All virus definitions were one day old at most. Virus scanners are still running on some. Logs show I haven't had any viruses. Haven't had any viruses on my computers in . . . I can't remember the last virus I had . . . years . . . ever!

But have you scanned for Malware/Spyware with other software? In the past, anti virus software did not seem to pick up alot of things that Malwarebytes would detect.

OK,

No viruses,
no Malware running according to Malwarebytes (now monitoring on all the computers on the network).
No suspicious behaviour alerts from Google.
Have checked my Xnet email with my username and password. It was never forwarded or sent anywhere.
I've run anti virus software on my phone and tablet.

Everything is clean!!!!

Is there any chance that the breach wasn't initiated at my end?

Wellington Web Design - Vision Web Design

New World

Shop on-line at New World now for your groceries (affiliate link).

maverick

3594 posts

Uber Geek
+1 received by user: 80

Trusted

WorldxChange

#601660 29-Mar-2012 05:49

We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

scoopy

33 posts

Geek

#601682 29-Mar-2012 08:15

maverick: We do not believe so, in 8 years this is the first occurrence we have seen with someone's credentials being used fraudulently , most issues relate to insecure Asterisk platforms being hacked, in this case the scumbags have your exact Open VFX details, how they got them unfortunately at this stage we cant tell you sorry.

We do not see any other suspicious activity or calling patterns, if there were any internal issues then you would expect to see multiple attempts from various numbers when one gets blocked, this did / is not occurring and is only on your being seen with your details sorry.

If this is fraud should I be contacting the Police?

Wellington Web Design - Vision Web Design

maverick

3594 posts

Uber Geek
+1 received by user: 80

Trusted

WorldxChange

#601683 29-Mar-2012 08:19

That will be purely up to you, I doubt they will have the resources to investigate it though

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

scoopy

33 posts

Geek

#601921 29-Mar-2012 13:59

Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones. http://www.gradwell.com/support/kb/article.php?id=371 that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now. Thanks everyone for your input.

Wellington Web Design - Vision Web Design

Cameronn

334 posts

Ultimate Geek
+1 received by user: 3

Trusted

WorldxChange

#601923 29-Mar-2012 14:00

After a little investigation it looks like the device being used may have been exploited.

If anyone else out there is using a Yealink device I would recommend updating the firmware quick smart.

http://www.gradwell.com/support/kb/article.php?id=371 - link to security concerns.

AliExpress

Shop now on AliExpress (affiliate link).

Cameronn

334 posts

Ultimate Geek
+1 received by user: 3

Trusted

WorldxChange

#601924 29-Mar-2012 14:00

scoopy: Good news and bad news!

So there seems that here is a Security Vulnerability affecting Yealink phones. http://www.gradwell.com/support/kb/article.php?id=371 that requires a firmware upgrade from here http://www.yealink.com/index.php/Support/index/classid/2

Just my phone, not my whole network!

Hopefully sorted now. Thanks everyone for your input.

You beat me to it :)