They are very sneaky....

bbchien

Bruce C
So Monday night my spouse participates in what she thinks is an innocent enough contest, and she changes her Comcast password. Spouse later on points out that our spam software detected a file (probably a keylogger) dialing out, which she allowed. We disconnect the internet.

The next AM there is a pretty good "phish" from "comcast" telling me there is an alert on my account. I recognize the link provided as the Comcast log-in link (which it is), but moments after I push it on my Berry, Comcast picks up the phone and says, it's not ours. I shut down the berry.

So I spend a few hours rewriting spouse's HD to the 3/11/2012 version (prior to the keylogger), and about an hour restoring my cellphone to 1/15/2012. Of course on the first sync to Google Schedule and Google Contacts, the berry freezes and I lose half my contacts, corrupting the server copy.

I spent about an hour today calling people (FAA folks, too) asking them to trust me again with their desk phones....sigh.

So after they detected that my account was the master account, they went for control of that account.

Dastardly! :dunno:
 
I feel your pain Doc. I just had my Google account hacked and they stole my CC. I deleted the Google account and lost all my contacts. :mad:

I'm not big on the death penalty, except for hackers. ;)
 
Been there, done that. Wished I could get my hands on the crafty hackers for just a few minutes to express my appreciation for their efforts.

I've always been a PC guy, but things like this often make me wish I used Apple products, which seem more resistant.
 
Sorry for your problems, Doc.

I personally wouldn't have reverted the drive right away... most of these things can be found and stomped by a smart tech, especially if the time of infection is known. If the standard tools fail, a good tech can often boot into a live Linux CD and manually pluck out the vermin, especially if the time frame is known.

But for maximum safety, what you did was best. A lot of times, it's the most expedient way to get up and running, as well.

As for the BB contacts, BlackBerry Protect has saved my substantial glutei maximi several times. Check it out.

-Rich
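
The "time frame is known" triage described in the post above, as an added example that is not part of the original thread: list executable-type files written during a known infection window on a Windows volume mounted read-only from a live Linux CD, with a SHA-256 for each hit. The function name, mount point and extension list are assumptions, and it relies on GNU `find` and `sha256sum` being on the live CD.

```shell
#!/bin/sh
# Added example: time-window triage of a suspect Windows filesystem.
# Assumes the volume is mounted read-only from the live CD, for example
#   mount -o ro /dev/sda1 /mnt/win    (device and mount point are placeholders)

# triage_window ROOT START END   (hypothetical helper name)
#   ROOT   mount point of the suspect filesystem
#   START  earliest modification time of interest, "YYYY-MM-DD HH:MM:SS"
#   END    latest modification time of interest, same format
# Prints one line per hit, oldest first:
#   mtime <TAB> size <TAB> sha256 <TAB> path
# Paths containing newlines are not handled.
triage_window() {
    root=$1; start=$2; end=$3
    tab=$(printf '\t')
    find "$root" -xdev -type f \
        -newermt "$start" ! -newermt "$end" \
        \( -iname '*.exe' -o -iname '*.dll' -o -iname '*.sys' \
           -o -iname '*.scr' -o -iname '*.bat' -o -iname '*.vbs' \) \
        -printf '%TY-%Tm-%Td %TH:%TM\t%s\t%p\n' 2>/dev/null |
    sort |
    while IFS=$tab read -r mtime size path; do
        # Hash each hit so it can be checked against a known-bad list
        # or compared with the same file in a clean backup image.
        hash=$(sha256sum "$path" | cut -d' ' -f1)
        printf '%s\t%s\t%s\t%s\n' "$mtime" "$size" "$hash" "$path"
    done
}
```

Modification times can be altered by malware, so an empty result narrows the search but does not clear the disk.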
 
I'm not big on the death penalty, except for hackers. ;)

This isn't hacking. It's Social Engineering.

The safety accident chain started at "changed password" after "participated in an online contest" and "allowing" something to connect out without knowing what it was.

Three possible places to break the accident chain. All flown right by...
 
If the standard tools fail, a good tech can often boot into a live Linux CD and manually pluck out the vermin, especially if the time frame is known.
:yeahthat: I keep a Linux CD around with F-Prot. I can boot from the CD, mount a Windows filesystem and use F-Prot to scan and clean it. I've had to use it twice to clean and rescue a buddy's server... he runs a small business, and his entire business was dependent on a proprietary auto shop software system running on an ancient Windows 2000 server, that also served as his desktop. BAD idea. He's not a computer guy, and would regularly follow links that got the system so torqued out of shape it was unusable. No Windows tools would do the job, since the various viruses had completely compromised the boot sector and OS. Linux to the rescue.

Now he's on new hardware, running CentOS with two separate Windows 7 Ultimate VMs. One for the server, one for his desktop, with nightly images of each rotated so we've got 14 days of backups. Now if I could only get him to plug in the external backup drive so he's got an off site backup... I'm not transferring 20GB a night to my server.
 
Rsync.net if he's willing to pay a few bucks and you're willing to help him set it up for free. Check it out. Standards-based online backup, cheap.

Commercial online backup with a pretty GUI if you're out of the picture and he's willing to pay more.
 
:yeahthat: I keep a Linux CD around with F-Prot. I can boot from the CD, mount a Windows filesystem and use F-Prot to scan and clean it.

Yep. That'll work. :yesnod: Although sometimes the viral files just kind of jump out at you once you can see the filesystem, before you even run a scan.

I've had to use it twice to clean and rescue a buddy's server... he runs a small business, and his entire business was dependent on a proprietary auto shop software system running on an ancient Windows 2000 server, that also served as his desktop.

Let me guess: ShopTrac -- a Byzantine DOS program that worked so well that half the car mechanics in America still refuse to let go of it; written by a guy named Charlie, whose last name no one seems to know, and who's dead now.

-Rich
 
Nope... WinWorks. The version they had was several years out of date, because they were still running W2K on a 2001-vintage IBM server. I finally got after him to let me help him replace everything because it was so bad *I* was losing sleep over it... and it wasn't even my problem!

So we replaced his front counter and shop PCs... 20" LCDs with tiny little EEEBox computers mounted to the back of them; a new Core i7 server running CentOS with Windows VMs to keep his server from getting abused. We also changed how his workstations were set up. The old ones used Windows Terminal Server, which meant everything -- including web browsing -- was done on the wheezing, decrepit server with I think 512MB of memory or something ridiculous like that. The new ones run the app locally and the database is shared. It all works SO much better.

I have scripts set up that back everything up nightly, and will look for an external USB drive to copy the backups to. I'm not setting him up with some on line backup service, Lord only knows how long it would take to copy 20GB or more off site nightly -- plus he'd actually have to DO it. Right now all I'm trying to get him to do is use a couple of those little Passport pocket sized HDs and rotate them daily, and he's got offsite backup (assuming he takes them home). We'll get him there, hopefully before a flood or burglary costs him all of his stuff.
 
So Monday night my spouse participates in what she thinks is an innocent enough contest, and she changes her Comcast password. Spouse later on points out that our spam software detected a file...

Bruce, Comcast can cause a mess without any help from hackers.

When my wife and I moved away from the Portland area, Comcast appropriated my wife's social security number to fill in a missing one on an account with a name similar to my wife's maiden name elsewhere in Oregon. This other woman lived in a different city, had a different middle name, was about 10 years younger, and had what was obviously a very different view of responsibility.

That created a new, parallel identity in our credit report, and when the other woman turned out to be a deadbeat, walking out on months' worth of bills and not returning her cable box, Comcast trashed our credit. We found out during a periodic credit check. It took months to get fixed.

I replaced Comcast's triple-play service at our new home with fiber-optic internet service, a VoIP phone and over-the-air TV augmented by Netflix and Hulu Plus, saved more than half the money I'd been spending, and haven't looked back.
 
Oh, Paul. Don't get me going about something I can do nothing about. In mid sized midwestern cities, we grant monopolies.....sigh. :(
 
Oh, Paul. Don't get me going about something I can do nothing about. In mid sized midwestern cities, we grant monopolies.....sigh. :(

I thought you were in Chicago. I guess I never really looked, but "mid-sized"?! ;)

Telco will always have monopolistic tendencies. It's almost a natural monopoly these days with IP core Internet access as the lowest common denominator.

Why Judge Greene thought he could change that for long, has always been a mystery to me. It didn't really work other than to drive long-distance pricing down and speed up innovation. But the carriers behind the innovative products in our hands and pockets are still running the same back-end networks and lock-stepping each other for pricing most of the time.

Break up the Bell System, it re-formed into three big verticals with all services, and some also-rans, that act like they can truly compete.

Meanwhile CATV monopolies are completely commonplace and delivering the same services in wireline. Wireless was highly competitive for a while but the monopolies bought the infrastructure back from the entrepreneurs and manage it all now.

It's a silly and interesting biz.
 
I thought you were in Chicago. I guess I never really looked, but "mid-sized"?! ;)
It's all relative Nate. Peoria IS "mid-sized" when compared to other cities in the area. About the size of a suburban bedroom community near Chicago though.

Telco will always have monopolistic tendencies. It's almost a natural monopoly these days with IP core Internet access as the lowest common denominator.

Why Judge Greene thought he could change that for long, has always been a mystery to me. It didn't really work other than to drive long-distance pricing down and speed up innovation. But the carriers behind the innovative products in our hands and pockets are still running the same back-end networks and lock-stepping each other for pricing most of the time.

Break up the Bell System, it re-formed into three big verticals with all services, and some also-rans, that act like they can truly compete.

Meanwhile CATV monopolies are completely commonplace and delivering the same services in wireline. Wireless was highly competitive for a while but the monopolies bought the infrastructure back from the entrepreneurs and manage it all now.

It's a silly and interesting biz.
Are you really old enough to remember how it was under the Bell System? Where in most states it was a criminal act to run "communication lines" parallel to or crossing Ma Bell's local and LD wire plant (little did I know that when I set up a point to point phone link with a girl 5 houses down the street by running a wire along the backyard fence, I was committing my first crime at 7 years old)? When it was illegal to inductively couple to a telephone handset? When a "high speed" modem (which only worked on specially conditioned lines) was 2400 BPS?

If they hadn't broken up the Bell System we'd be renting a modem to connect to the Internet for $1000/mo that managed to deliver 10 KBPS downloads on a good day. And that low speed would be a good thing because we'd be paying $5/minute plus $0.50 per KB of data and the slow rate would hold down the monthly bill.
 
It's all relative Nate. Peoria IS "mid-sized" when compared to other cities in the area. About the size of a suburban bedroom community near Chicago though.
Yeah, Peoria is about 115K people (380K in the metropolitan statistical area) over 140 miles southwest of downtown Chicago. Counts as a mid-sized Midwest town to me!
 
Yeah I didn't know Doc is in Peoria. Wow. I have history with Peoria. ;)

First time was when my '68 Chevy van broke down on the way to Chicago. The Chevy dealer there decided the way to "fix" it was to cut all the wiring to my aftermarket electronic ignition system in a way it couldn't be repaired, and to reinstall a regular distributor cap, points, and rotor.

Completely trashed my system while I was sitting in a hotel room.

Real problem was in the Holley 4 barrel carb it was later determined. Jerks.

Charged me a fortune in labor, taking advantage of a young 20-something broke down on the road.

Learned to never let a mechanic I didn't know or could watch, near my vehicles ever again. Good early life lesson.

The other was in my former life in audio conferencing. AT&T's system in Peoria is still fed with analog microwave T3 out of Chicago. Not enough trunks in the Peoria CO.

Noise on those microwave circuits plays havoc with the ISDN D-channels there to this day. Firmware issue causes the channels not to reset properly. Always at least five to ten DS0s out of service in lockout in the 5ESS there in the Peoria CO.

Spent many a Friday night with the Peoria CO tech on the phone during maintenance windows. He retired a few years back.

As far as the Bell System stuff Doc, yeah I was a telco head even as a kid. There may have even been a few years of phone phreaking back then, since the Statute of Limitations has run out by now on things "other people" did back then. ;)

I remember. I think regulators could have busted up the silly engineering rules like the equipment connectivity stuff, without breaking up the companies. The companies just put themselves back together anyway.

Judge Greene chose Door Number 1. Or maybe it was the Blue Pill from the Matrix. ;) Hard to say which course would have been better.

The ultimate outcome is that most of the money for undersea fiber transport goes to a nice little shell company in the Bahamas named Global Crossing instead of to AT&T. Is that better or worse? I dunno. But that money isn't going to Bedminster, NJ these days. :)

Have photos from a friend who finally hunted down the empty closet in the Bahamas that's "Global Crossing Headquarters" and took a photo of the door.

He sent it to all us ex-Global Crossing Version 1.0 (before the bankruptcy car wash) Conferencing folk via Facebook. He was down there on vacation. It was good for a laugh.
 