I think some of my customers were in a recent Progressive commercial:
http://lifelanes.progressive.com/park-ranger-mark/
From: That One Guy /sarcasm 
Sent: Monday, April 11, 2016 4:21 PM
To: [email protected] 
Subject: Re: [AFMUG] interesting malware, and checking an air router

I feel bad for the poor Rise Broadband guy he talks to; he's convinced their 
ESSIDs have infected him.

On Sun, Apr 10, 2016 at 9:52 PM, That One Guy /sarcasm 
<[email protected]> wrote:

  Stupid malware. I would have been a real good bad guy; I need to learn to 
code so I can hacks 'n' phreaks stuff.

  On Sun, Apr 10, 2016 at 9:46 PM, Josh Reynolds <[email protected]> wrote:

    Correct

    On Apr 10, 2016 9:43 PM, "That One Guy /sarcasm" 
<[email protected]> wrote:

      No real way to do that remotely, is there, with no one holding the reset 
and a layer 2 connection?

      On Sun, Apr 10, 2016 at 9:39 PM, Josh Reynolds <[email protected]> 
wrote:

        No. TFTP flash recreates the flash filesystem. HTTP upgrade does not.

        On Apr 10, 2016 9:38 PM, "That One Guy /sarcasm" 
<[email protected]> wrote:

          If it happens to be crumped, and I HTTP it a firmware, it should 
still overwrite the funtime hatred, shouldn't it?

          On Sun, Apr 10, 2016 at 9:34 PM, Josh Reynolds <[email protected]> 
wrote:

            Nope. Just TFTP flash it to the newest stable firmware.

            On Apr 10, 2016 9:02 PM, "That One Guy /sarcasm" 
<[email protected]> wrote:

              Is there something to run against this air router to check it?

              On Apr 10, 2016 7:53 PM, "Josh Reynolds" <[email protected]> 
wrote:

                http://m.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/

                http://arstechnica.com/security/2015/09/security-wares-like-kaspersky-av-can-make-you-more-vulnerable-to-attacks/

                https://books.google.com/books?id=wqV1CgAAQBAJ&pg=PA183&lpg=PA183&dq=antivirus+attack+surface&source=bl&ots=HF7hnyj7sN&sig=Ski6OAQaLdD4MeIDGJRfuNoaZiE&hl=en&sa=X&ved=0ahUKEwjsgP7nroXMAhUjk4MKHb19DQ0Q6AEIKzAE#v=onepage&q=antivirus%20attack%20surface&f=false


                On Apr 10, 2016 6:21 PM, "That One Guy /sarcasm" 
<[email protected]> wrote:

                  Josh, 

                  Can you expand that?


                  The following is the last communication; note this started as 
a slowness complaint.

                  Hi. I had a couple questions regarding the wireless router 
that you provide with my service. Since I don't have access to the device, 
could you turn off broadcasting of the SSID please? The reason for this request 
is due to a very damaging virus/malware that hit my home network extremely 
hard. It gained access to my networks through the wireless connection and my 
phone, which then took out everything else connected. The Wi-Fi that caused the 
issue ended up as "OPEN" and no longer secure. Since there are such massive 
distances between any of us out here, I would only see that specific SSID on 
days when everything allowed it to travel just a little bit further. And when I 
did see it over the last 1.5 years, it was always "Secured". Anyway... the 
story is much longer, but A. can you hide the SSID and possibly change it to 
something else? This way I know it has a little extra protection. But please 
let me know the SSID. Do you by chance know of an SSID near me of: ISPSTUFF360? 
Its MAC address is 00:60:ld:f1:91:be. It came back as a Lucent Technologies 
device. Also.. I was not simply taken out of service by 1 "Open" device... I 
was taken out by 2! The second one that is also broadcasting as "Open" is 
similar in name. Its SSID is ISPSTUFF1000. I have its MAC address somewhere in 
the middle of all this mess, but it's the same I believe. It also resolved by 
MAC address to a Lucent Technologies device. From what I discovered once I had 
a chance to finish up replacing the hard drive in my laptop, ending up with 
corruption in the BIOS as well, replacing a drive in my workstations as it 
would not ever respond to restoration software. And so much frigging time to 
install everything. I had to be safe and reset my phone, my tablet PC and my 
FLAC file of over 119gb of my entire music collection. Not to. I still don't 
feel comfortable given how destructive it was. I immediately had to spend hour 
upon hour calling banks, and websites, and anything that I accessed online to 
change my logins and passwords.. It even appears to have left its mark on the 
Direct TV DVR as well. So I have already spent more $ than I had to spare, but 
I most definitely don't trust any of the devices any longer. Especially since 
the 2 devices are still broadcasting as I send this. Kevin


                  On Sun, Apr 10, 2016 at 3:59 PM, Josh Reynolds 
<[email protected]> wrote:

                    FYI antimalware/antivirus and adblock are the newest attack 
vectors. :)

                    Pretty easy way to get persistent malware on machines now.

                    On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" 
<[email protected]> wrote:

                      I'm a worst case scenario artist. My concern is the 
customer will talk to our customer service, they'll tell him we will replace 
his router. He will bring it in, get a replacement. It's been "infected" and 
will hit our Achilles heel. Customer service will drop it in the returns bin. 
It will get taken back and connected to the machine that's used to dump the 
file, it will "infect" that machine, that machine will infect the customer 
service network. A tech will pick up the router and install it at another POP, 
infecting that POP. He will also bring his laptop back and connect it to my 
network. My machine has no real antimalware and he will infect it across that 
network. My machine has all the keys to the castle. 

                      The reality is the guy probably had slow WiFi in his 
detached garage 1500 feet from his house, and his buddy Mike said he must be 
infected with some really nasty virus because his portable version of AVG from 
2010 can't find it, so it must be direct from Anonymous.

                      On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds 
<[email protected]> wrote:

                        Cross platform malware is a Thing now, and has been for 
several years. It's fortunately not very prevalent yet.

                        On Apr 10, 2016 3:36 PM, "Bill Prince" 
<[email protected]> wrote:

                          I don't believe it. 

                          We have a friend that comes to some outrageous 
conclusions with scant information, and practically zero technical knowledge. 
Yet when he explains something, he sounds perfectly reasonable, with impeccable 
logic. It just never is.


bp
<part15sbs{at}gmail{dot}com>

On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:

                            So we have this customer who experienced a 
ferocious malware. Still waiting on more details from the customer; it's very 
interesting because it crossed multiple platforms: multiple cell phones, a 
satellite DVR, a PC etc. I'm not sure how he verified infection, but he did 
have to factory-reset his phones; his PC he said required a hard drive 
replacement (not sure what or who decided this); not sure how the satellite DVR 
was mitigated. He thinks it came from a Rise Broadband (formerly Prairie Inet) 
ESSID (I doubt this; the ESSIDs Prairie Inet ran were open, with other security 
for the access).

                            With it being as cross platform as it was, I'm 
wondering how I would check the air router we provide to see if it got hit as 
well. All we do is a dump file on the current firmware that sets a password, 
ensures 443 is open, sets a DMZ to an IP out of the DHCP scope, and we manually 
set the ESSID with WPA2, the key being the MAC on the label (I think this is 
the WLAN) (we disable SNMP and telnet, but leave SSH open); we also turn off CDP 
and the ubnt discovery.

                            I'm hoping he has some good info on what this 
actually was, and it's not just a case of his buddy Jim telling him all this.

                            Anybody know of something in the wild capable of 
hitting all these devices across a network (wired/wireless)?

                            I'm asking about the air router in particular; 
considering if it were impacted, that could be a mess at the POP since most 
customer NATs are in the same subnet, with duplicate configs.


                            -- 

                            If you only see yourself as part of the team but 
you don't see your team as part of yourself you have already failed as part of 
the team.
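A baseline-drift check for the CPE config described in the original post (HTTPS on 443, DMZ host outside the DHCP scope, WPA2 on the WLAN, SNMP and telnet off, SSH on, CDP and UBNT discovery off), as an added example that is not part of the thread or of any vendor tooling. The key=value layout and every key name (`snmp.status`, `telnetd.status`, `dmz.host`, and so on) are assumptions loosely modelled on the airOS system.cfg style, not the vendor's documented schema, and both sample configs are constructed.

```python
import ipaddress

# Constructed sample configs in a key=value style loosely modelled on the
# Ubiquiti system.cfg format. Every key name below is an assumption made for
# this example, not the vendor's documented schema.
GOOD_CFG = """\
snmp.status=disabled
telnetd.status=disabled
sshd.status=enabled
httpd.https.status=enabled
httpd.https.port=443
cdp.status=disabled
discovery.status=disabled
wireless.1.ssid=WISP-CPE-1234
wireless.1.security=wpa2
dhcpd.1.start=192.168.1.100
dhcpd.1.end=192.168.1.199
dmz.status=enabled
dmz.host=192.168.1.50
"""

# Same device after someone (or something) re-enabled management services,
# dropped WPA2 and moved the DMZ host into the DHCP pool.
DRIFTED_CFG = """\
snmp.status=enabled
telnetd.status=enabled
sshd.status=enabled
httpd.https.status=enabled
httpd.https.port=443
cdp.status=disabled
discovery.status=enabled
wireless.1.ssid=WISP-CPE-1234
wireless.1.security=none
dhcpd.1.start=192.168.1.100
dhcpd.1.end=192.168.1.199
dmz.status=enabled
dmz.host=192.168.1.150
"""

# Expected values, taken from the hardening baseline the post describes.
BASELINE = {
    "snmp.status": "disabled",
    "telnetd.status": "disabled",
    "sshd.status": "enabled",
    "httpd.https.status": "enabled",
    "httpd.https.port": "443",
    "cdp.status": "disabled",
    "discovery.status": "disabled",
    "wireless.1.security": "wpa2",
}


def parse_cfg(text):
    """Parse key=value lines into a dict, ignoring blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg):
    """Return a sorted list of findings where cfg deviates from BASELINE."""
    findings = []
    for key, expected in BASELINE.items():
        actual = cfg.get(key, "<missing>")
        if actual != expected:
            findings.append(f"{key}: expected {expected}, found {actual}")
    # The DMZ host must sit outside the DHCP pool, otherwise a leased client
    # can end up as the DMZ target.
    try:
        start = ipaddress.ip_address(cfg["dhcpd.1.start"])
        end = ipaddress.ip_address(cfg["dhcpd.1.end"])
        dmz = ipaddress.ip_address(cfg["dmz.host"])
        if start <= dmz <= end:
            findings.append(f"dmz.host: {dmz} is inside DHCP pool {start}-{end}")
    except (KeyError, ValueError) as exc:
        findings.append(f"dmz/dhcp: could not evaluate ({exc})")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("good", GOOD_CFG), ("drifted", DRIFTED_CFG)):
        result = audit(parse_cfg(text))
        print(f"{name}: {'OK' if not result else 'DRIFT'}")
        for finding in result:
            print("  -", finding)
```

This only audits the configuration text a device hands back; it says nothing about what is in flash. That is the point Josh makes later in the thread: an HTTP upgrade leaves the flash filesystem in place, so a TFTP reflash to a known-good image is what actually recreates it.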