FYI antimalware/antivirus and adblock are the newest attack vectors. :) Pretty easy way to get persistent malware on machines now.

On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <[email protected]> wrote:

> I'm a worst case scenario artist. My concern is the customer will talk to
> our customer service, they'll tell him we will replace his router. He will
> bring it in, get a replacement. It's been "infected" and will hit our
> Achilles heel. Customer service will drop it in the returns bin. It will
> get taken back and connected to the machine that's used to dump the file, it
> will "infect" that machine, that machine will infect the Customer service
> network. A tech will pick up the router and install it at another POP,
> infecting that POP. He will also bring his laptop back and connect it to my
> network. My machine has no real antimalware and he will infect it across
> that network. My machine has all the keys to the castle.
>
> The reality is the guy probably had slow wifi in his detached garage 1500
> feet from his house, and his buddy Mike said he must be infected with some
> really nasty virus because his portable version of AVG from 2010 can't find
> it so it must be direct from Anonymous.
>
> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <[email protected]> wrote:
>
>> Cross platform malware is a Thing now, and has been for several years.
>> It's fortunately not very prevalent yet.
>>
>> On Apr 10, 2016 3:36 PM, "Bill Prince" <[email protected]> wrote:
>>
>>> I don't believe it.
>>>
>>> We have a friend that comes to some outrageous conclusions with scant
>>> information, and practically zero technical knowledge. Yet when he explains
>>> something, he sounds perfectly reasonable with impeccable logic. It just
>>> never is.
>>>
>>> bp
>>> <part15sbs{at}gmail{dot}com>
>>>
>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>
>>> So we have this customer who experienced a ferocious malware, still
>>> waiting on more details from the customer. It's very interesting because it
>>> crossed multiple platforms: multiple cell phones, a satellite DVR, a PC,
>>> etc.
>>> I'm not sure how he verified infection, but he did have to factory his
>>> phones; his PC he said required a hard drive replacement (not sure what or
>>> who decided this); not sure how the satellite DVR was mitigated. He thinks
>>> it came from a Rise Broadband (formerly Prairie Inet) ESSID (I doubt this;
>>> the ESSIDs Prairie Inet ran were open, with other security for the access).
>>> With it being as cross platform as it was, I'm wondering how I would check
>>> the AirRouter we provide to see if it got hit as well. All we do is a dump
>>> file on the current firmware that sets a password, ensures 443 is open,
>>> sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID
>>> with WPA2, the key being the MAC on the label (I think this is the WLAN)
>>> (we disable SNMP, telnet, but leave SSH open); we also turn off CDP and the
>>> ubnt discovery.
>>>
>>> I'm hoping he has some good info on what this actually was, and it's not
>>> just a case of his buddy Jim telling him all this.
>>>
>>> Anybody know of something in the wild capable of hitting all these
>>> devices across a network (wired/wireless)?
>>>
>>> I'm asking about the AirRouter in particular, considering if it were
>>> impacted, that could be a mess at the POP since most customer NATs are in
>>> the same subnet, with duplicate configs.
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
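The thread's practical question is how to tell whether a returned router still matches the config the shop dumped onto it. Since every router at a POP gets the same dump, the cheapest check is a diff of the returned unit's config against the golden dump, flagging the security-relevant keys the thread lists (telnet, SNMP, SSH, HTTPS on 443, CDP, discovery, WPA2, the DMZ address) plus any keys that appeared or vanished. The script below is an added example written for this page; it is not code from the thread or from Ubiquiti. The `key=value` layout mimics an AirOS-style config dump, but the key names are assumptions, not a verified list, and both sample dumps are constructed.

```python
"""Audit a returned router's config dump against the shop's golden dump.

Added example, not from the thread. Key names are assumed AirOS-style
names; both config texts below are constructed for the demonstration.
"""
from __future__ import annotations

import ipaddress

# Keys whose value must match the golden dump exactly (assumed names).
# A mismatch here is a security-relevant deviation, not cosmetic drift.
SECURITY_KEYS = {
    "telnetd.status", "sshd.status", "snmp.status", "httpd.https.status",
    "httpd.https.port", "discovery.status", "cdp.status",
    "wireless.1.security", "dmz.status", "dmz.1.ip",
}

# Keys the shop sets by hand per unit (ESSID and WPA2 key from the label),
# so they are expected to differ from the golden placeholder.
PER_UNIT_KEYS = {"wireless.1.ssid", "wireless.1.wpa.psk"}

# Constructed golden dump: what the shop's dump file is meant to produce.
GOLDEN = """\
telnetd.status=disabled
sshd.status=enabled
snmp.status=disabled
httpd.https.status=enabled
httpd.https.port=443
discovery.status=disabled
cdp.status=disabled
wireless.1.security=wpa2
wireless.1.ssid=PER-UNIT
wireless.1.wpa.psk=PER-UNIT
dmz.status=enabled
dmz.1.ip=192.168.1.250
dhcpd.1.start=192.168.1.100
dhcpd.1.end=192.168.1.200
users.1.name=ubnt
"""

# Constructed dump from a returned unit: telnet and CDP back on, the DMZ
# moved inside the DHCP scope, and a second login account added.
RETURNED = """\
telnetd.status=enabled
sshd.status=enabled
snmp.status=disabled
httpd.https.status=enabled
httpd.https.port=443
discovery.status=disabled
cdp.status=enabled
wireless.1.security=wpa2
wireless.1.ssid=Customer-1F3A
wireless.1.wpa.psk=00155D1F3A00
dmz.status=enabled
dmz.1.ip=192.168.1.150
dhcpd.1.start=192.168.1.100
dhcpd.1.end=192.168.1.200
users.1.name=ubnt
users.2.name=support
users.2.status=enabled
"""


def parse_cfg(text: str) -> dict[str, str]:
    """Parse key=value lines; blank lines, comments and junk are skipped."""
    cfg: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def dmz_in_dhcp_scope(cfg: dict[str, str]) -> bool:
    """True if the DMZ host sits inside the DHCP pool (the shop wants it outside)."""
    try:
        dmz = ipaddress.ip_address(cfg["dmz.1.ip"])
        lo = ipaddress.ip_address(cfg["dhcpd.1.start"])
        hi = ipaddress.ip_address(cfg["dhcpd.1.end"])
    except (KeyError, ValueError):
        return False  # cannot tell; the key checks report the absent key
    return lo <= dmz <= hi


def audit(returned: dict[str, str], golden: dict[str, str]) -> list[str]:
    """Return human-readable findings; an empty list means the unit matches."""
    findings: list[str] = []
    for key in sorted(SECURITY_KEYS):
        want, have = golden.get(key), returned.get(key)
        if have != want:
            findings.append(f"CHANGED {key}: expected {want!r}, found {have!r}")
    if dmz_in_dhcp_scope(returned):
        findings.append(f"DMZ {returned['dmz.1.ip']} lies inside the DHCP scope")
    for key in sorted(set(returned) - set(golden)):
        findings.append(f"ADDED {key}={returned[key]}")
    for key in sorted(set(golden) - set(returned) - PER_UNIT_KEYS - SECURITY_KEYS):
        findings.append(f"MISSING {key}")
    return findings


if __name__ == "__main__":
    for line in audit(parse_cfg(RETURNED), parse_cfg(GOLDEN)):
        print(line)
```

Run against the constructed dumps it reports the two re-enabled services, the moved DMZ (twice: as a changed key and as an address inside the pool) and the extra `users.2.*` account, while the per-unit ESSID and key are ignored. A unit that fails this check should not go back into the returns bin or onto the dump machine until someone has looked at why its config drifted.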
