FYI antimalware/antivirus and adblock are the newest attack vectors. :)

Pretty easy way to get persistent malware on machines now.
On Apr 10, 2016 3:57 PM, "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
wrote:

> I'm a worst case scenario artist. My concern is the customer will talk to
> our customer service, they'll tell him we will replace his router. He will
> bring it in, get a replacement. It's been "infected" and will hit our
> Achilles heel. Customer service will drop it in the returns bin. It will
> get taken back and connected to the machine that's used to dump the file, it
> will "infect" that machine, that machine will infect the Customer service
> network. A tech will pick up the router and install it at another POP,
> infecting that POP. He will also bring his laptop back and connect it to my
> network. My machine has no real antimalware and he will infect it across
> that network. My machine has all the keys to the castle.
>
> The reality is the guy probably had slow wifi in his detached garage 1500
> feet from his house, and his buddy Mike said he must be infected with some
> really nasty virus because his portable version of AVG from 2010 can't find
> it so it must be direct from Anonymous.
>
> On Sun, Apr 10, 2016 at 3:37 PM, Josh Reynolds <j...@kyneticwifi.com>
> wrote:
>
>> Cross platform malware is a Thing now, and has been for several years.
>> It's fortunately not very prevalent yet.
>> On Apr 10, 2016 3:36 PM, "Bill Prince" <part15...@gmail.com> wrote:
>>
>>> I don't believe it.
>>>
>>> We have a friend that comes to some outrageous conclusions with scant
>>> information, and practically zero technical knowledge. Yet when he explains
>>> something, he sounds perfectly reasonable with impeccable logic. It just
>>> never is.
>>>
>>> bp
>>> <part15sbs{at}gmail{dot}com>
>>>
>>>
>>> On 4/10/2016 1:29 PM, That One Guy /sarcasm wrote:
>>>
>>> So we have this customer who experienced a ferocious malware, still
>>> waiting on more details from the customer, it's very interesting because it
>>> crossed multiple platforms. Multiple cell phones, a satellite DVR, a PC
>>> etc. I'm not sure how he verified infection, but he did have to factory his
>>> phones, his PC he said required a hard drive replacement (not sure what or
>>> who decided this), not sure how the satellite DVR was mitigated. He thinks
>>> it came from a Rise Broadband (formerly Prairie Inet) ESSID (I doubt this,
>>> the ESSIDs Prairie Inet ran were open, with other security for the access).
>>> With it being as cross platform as it was I'm wondering how I would check
>>> the air router we provide to see if it got hit as well. All we do is a dump
>>> file on the current firmware that sets a password, ensures 443 is open,
>>> sets a DMZ to an IP out of the DHCP scope, and we manually set the ESSID
>>> with WPA2, the key being the MAC on the label (I think this is the WLAN)
>>> (we disable snmp, telnet, but leave ssh open), we also turn off CDP and the
>>> ubnt discovery.
>>>
>>>
>>> I'm hoping he has some good info on what this actually was, and it's not
>>> just a case of his buddy Jim telling him all this.
>>>
>>> Anybody know of something in the wild capable of hitting all these
>>> devices across a network (wired/wireless)?
>>>
>>> I'm asking about the airrouter in particular, considering if it were
>>> impacted, that could be a mess at the POP since most customer NAT are in
>>> the same subnet, with duplicate configs.
>>>
>>> --
>>> If you only see yourself as part of the team but you don't see your team
>>> as part of yourself you have already failed as part of the team.
>>>
>>>
>>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
