What's the craziest Virus/Security story you have!?

Ste

So since I am an old man now I can tell this fact of my life.

One time when I was like 16 and working at a pizza restaurant, one of the phone people asked me if I could help them with a virus on their computer.

So I did all the digging and stuff I knew how to do, and they somehow had over 400 infections of viruses, trojans, malware and spyware.

I did the best I could to clean it up etc etc.

Gave it back to them and said:

"Look buddy, I don't know what you're looking at or doing, but whatever it is, STOP."
 
One kid managed 900 in Malwarebytes, another kid managed over 1500, but I once had a customer that had over 4000 detections in Malwarebytes.

I'd say the craziest happened a couple years ago. I was working on call at my current job, was on a 9pm deployment so on a call with others. One of the people on the call asked what is that noise in the background. Little did I know, every Apple device in my house was pinging from somebody hitting the find my device button in find my iPhone.
About 5 minutes later I get a call from my boss and was asked to close my laptop and step away until he calls me back and to not turn it off. I said ok, what's going on? He said there was a security incident and security has to scan my laptop and go through my machine.

So while they're doing that I swap over to my PC only to find not my main Apple account, but my business Apple account was somehow compromised. The attackers were able to bypass MFA entirely and since my business phone was part of my family sharing they were trying to locate all the devices.
For those not familiar with Apple, when an unknown login is detected that device has to be trusted by a trusted device, usually by the account owner. A number prompt has you put in the numbers on the new device, then the trusting device has to allow the connection.
I realized this and started logging everything out and changing passwords to everything.

An hour later my boss calls me and tells me what happened. Somebody had left an RDP session open after closing (hitting close instead of logging out) and the attack vector was to steal the RDP token to traverse the network with admin priv. He said security went through my laptop and found I wasn't compromised and was all clear.

2 separate attacks that happened at the exact same time. Neither my account nor my laptop was used for traversal, so that means the Apple account mishap wasn't a consequence of my work account and hardware being compromised. The even crazier thing is, it appears they only managed to get into iCloud without using my credentials, as they did not access anything else associated with the account. The only place logged into that with those creds is my phone, which also wasn't compromised. To this day I still have no idea what really happened.
 
Ah dammum that sucks. Pretty cra cra. I never even had anything like that happen to me, and I still never leave things/devices linked together or use wifi/bluetooth. :D

It's pretty wild how one crack in one window makes all the other windows blow open real quick. Ah, technology is so full of wonder.


I guess this is why the registry entry autoendtasks == 1 is so great.

It automatically forces all programs to close when restarting or logging off.
 
I had a certain store that I serviced get hit three times with malware. The first two weren't real bad, contained to the backup server. The last one involved some nasty ransomware that corrupted ALL of their server backups. It turned out that someone was using an upstairs computer that was on the network to surf porn, and by someone I mean the super straight-laced store manager that just flat out didn't like me. They finally decided that the anti-virus package we offered was worth the few bucks it cost. They still didn't have a firewall of any type when they switched to a different POS provider.

I had another store that got hit by ransomware on the first shot. One of the assistant managers was checking out Yorkies for sale and picked it up. Again, all the backups were compromised. The store had a firewall and a two zone internet setup (POS and non-POS), but she was using the main server to browse. Thereafter they locked it all down so they could only access the three websites required for business.
 
Ah dammum that sucks. Pretty cra cra. I never even had anything like that happen to me, and I still never leave things/devices linked together or use wifi/bluetooth.
This had nothing to do with that besides the devices making noise. It was a breach of a cloud service, specifically iCloud. You can have local wireless radios off and still have issues since you'll still have a connection via cell service.


I guess this is why the registry entry autoendtasks == 1 is so great.

It automatically forces all programs to close when restarting or logging off.
Already company-wide group policy, but useless against the attack vector used. An admin on one of the teams with domain admin priv clicked X on their RDP program instead of signing out. Since almost all of our 9000+ servers are terminal server based, we don't set a wide policy for session canning. How they got in to begin with wasn't spoken of outside the security team, but they were able to grab the RDP token from the disconnected session and used it to traverse the internal network with admin priv. Internally in my team we suspect it was a compromised device from somebody high up and that's why they were hush-hush about it. Otherwise most companies would use the incident as a training exercise.


I had a certain store that I serviced get hit three times with malware. The first two weren't real bad, contained to the backup server. The last one involved some nasty ransomware that corrupted ALL of their server backups. It turned out that someone was using an upstairs computer that was on the network to surf porn, and by someone I mean the super straight-laced store manager that just flat out didn't like me. They finally decided that the anti-virus package we offered was worth the few bucks it cost. They still didn't have a firewall of any type when they switched to a different POS provider.

I had another store that got hit by ransomware on the first shot. One of the assistant managers was checking out Yorkies for sale and picked it up. Again, all the backups were compromised. The store had a firewall and a two zone internet setup (POS and non-POS), but she was using the main server to browse. Thereafter they locked it all down so they could only access the three websites required for business.
Why is the store server accessible to begin with?
Why isn't the store with unfiltered access reported as a violation to their credit card companies?
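The disconnected-but-still-logged-on RDP sessions described above are something a defender can audit and cap. The following is an added example, not code from anyone in this thread: it parses the real `quser.exe` output layout to flag disconnected sessions idle past a threshold, and reads the real `MaxDisconnectionTime` policy value written by the "Set time limit for disconnected sessions" GPO; the sample session lines are constructed.

```powershell
# Added example: audit disconnected RDP sessions (which keep their logon token
# alive) and check whether a disconnect time limit policy is in force.

function ConvertTo-IdleMinutes {
    param([string]$Idle)
    # quser idle formats: "none", ".", "45" (minutes), "1:23" (h:mm), "2+03:15" (d+hh:mm)
    if ($Idle -in @('none', '.')) { return 0 }
    $days = 0
    if ($Idle -match '^(\d+)\+(.*)$') { $days = [int]$Matches[1]; $Idle = $Matches[2] }
    if ($Idle -match '^(\d+):(\d+)$') {
        return $days * 1440 + [int]$Matches[1] * 60 + [int]$Matches[2]
    }
    return $days * 1440 + [int]$Idle
}

function Get-StaleDisconnectedSession {
    param([string[]]$QuserLines, [int]$ThresholdMinutes = 60)
    # Skip the header and split columns on 2+ spaces. Disconnected rows have an
    # empty SESSIONNAME column, so they produce 5 fields instead of 6.
    foreach ($line in ($QuserLines | Select-Object -Skip 1)) {
        $f = ($line.Trim() -replace '^>', '') -split '\s{2,}'   # '>' marks the current session
        if ($f.Count -eq 5) { $f = @($f[0], '') + $f[1..4] }
        if ($f.Count -lt 6) { continue }
        $idle = ConvertTo-IdleMinutes $f[4]
        if ($f[3] -eq 'Disc' -and $idle -ge $ThresholdMinutes) {
            [pscustomobject]@{ User = $f[0]; Id = [int]$f[2]; IdleMinutes = $idle; LogonTime = $f[5] }
        }
    }
}

function Get-DisconnectTimeLimitPolicy {
    # The GPO "Set time limit for disconnected sessions" stores milliseconds here.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $ms = (Get-ItemProperty -Path $key -Name MaxDisconnectionTime -ErrorAction SilentlyContinue).MaxDisconnectionTime
    if (-not $ms) { return 'No disconnect time limit set: disconnected sessions and their tokens persist until logoff' }
    return "Disconnected sessions are ended after $($ms / 60000) minutes"
}

# Constructed sample of quser output (not from a real host); the "domadmin" row
# is a session that was closed with X two days ago and never signed out.
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME',
    '>helpdesk1             rdp-tcp#12          2  Active          .  1/5/2024 8:15 AM',
    ' domadmin                                  3  Disc      2+03:15  1/3/2024 4:30 PM',
    ' svc_ops                                   4  Disc           12  1/5/2024 9:02 AM'
)
Get-StaleDisconnectedSession -QuserLines $sample -ThresholdMinutes 60 | Format-Table
Get-DisconnectTimeLimitPolicy
```

On a live terminal server, feed it the real output with `Get-StaleDisconnectedSession -QuserLines (quser 2>$null)`; a stale session from a privileged account, combined with no time limit policy, is exactly the condition the post describes.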
 
This had nothing to do with that besides the devices making noise. It was a breach of a cloud service, specifically iCloud. You can have local wireless radios off and still have issues since you'll still have a connection via cell service.



Already company-wide group policy, but useless against the attack vector used. An admin on one of the teams with domain admin priv clicked X on their RDP program instead of signing out. Since almost all of our 9000+ servers are terminal server based, we don't set a wide policy for session canning. How they got in to begin with wasn't spoken of outside the security team, but they were able to grab the RDP token from the disconnected session and used it to traverse the internal network with admin priv. Internally in my team we suspect it was a compromised device from somebody high up and that's why they were hush-hush about it. Otherwise most companies would use the incident as a training exercise.



Why is the store server accessible to begin with?
Why isn't the store with unfiltered access reported as a violation to their credit card companies?


Ah ok, I don't use iCloud anything and had all cloud service processes disabled.

Yea, that was the first thing any good company always told me: always sign out manually!!

It's not a very good store. :D Or perhaps they have new middle management. :D
 
Ah ok, I don't use iCloud anything and had all cloud service processes disabled.
I'm not afraid of them, but I'm also not stupid with them. The problem with Apple's ecosystem is it's all or nothing and they have the best tightly packaged parental controls.


Yea, that was the first thing any good company always told me: always sign out manually!!
It's like basic computer guy knowledge, sign the F out. Back in the day you didn't stay signed in for security, but it was more about not hogging resources. Today I guess we need to start making security seminars about straight up laziness. It's 2 clicks instead of 1, just sign out.


It's not a very good store. :D Or perhaps they have new middle management. :D
I'd say upper management, or if the store is a franchise, the owner being cheap. Either way, for any form of payment processing, having a system exposed to the internet is a no-no. It can get the store in a lot of trouble with the payment processing folks, and with Trotter's company being their POS system management company, they can just point the finger at them saying "well, they didn't tell us," trying to absolve themselves of any form of responsibility. Lose-lose situation formed by greed.
 
Honestly speaking I have no real crazy crazy stories to tell, but my biggest incident was on here, being the forums...

These days I'm a lot more disconnected from the world of IT being a drinker and out and about with family friends than sitting on my network but I do remember posting about several topics being interested in security, Linux and networking.

I posted about several topics and soon after my connection went down. I rebooted and found my network manager under Mint had been deleted, and that was after someone somehow managed to get in and opened and closed the DVD drawer on my desktop. I was in the kitchen making food, I heard the noise and s*** a brick sideways. I rebooted the system and then found the network manager had been deleted.

Looking back, I have a pretty good idea who it was, but deffo not mentioning any names and can't prove anything.

My love for IT will always be there, but hitting 40 next year, I can say officially I'm getting old. Got very little interest these days for all of this.

Drinking almost every day, liters of vodka, changed me in ways I still don't even understand myself. There's a lot more to life than sitting in front of a computer. The gf is more important, life, being out there, than sitting for sixteen hours a day in front of multiple systems.

I remember still to this day, about 5 years ago I went 3 full weeks without seeing daylight sitting on my multiple-system home network, and I can still remember S0ul's reply to going for a walk at three o'clock in the morning.

I guess these days I just don't care as much as I did.

:giggle:
 


People with thin skin and weak egos will try to use technology first and not their words or their pen.

But that's ok, it just proves beyond a shadow of a doubt and a preponderance of evidence how trash they are.

We will be here for ya!
 