Thread: Take Over Attempt Foiled!

  1. #1
    Top Contributor crabfoot is a Premium Member

    Take Over Attempt Foiled!

    Something nasty almost happened to me yesterday.

    I was quietly beavering away at my computer when the antivirus program started ringing bells about malware appearing on my computer - about one item every ten seconds. It took me about a minute to realise that I was under attack, at which point I quickly unplugged my internet dongle, but I was unsure if damage had been done. The only clue remaining to show the attack was that the browser download window was open in the background, but did not show evidence of any new download.

    Over an hour later, the full antivirus scan had found nothing. A reboot involved the usual delay due to "updates for everything" being installed. Since the antivirus had found nothing, I downloaded Spybot - Search and Destroy to check for anything the antivirus had not found. That's bitter experience from the last time I was attacked about three years ago. Thankfully, all it appears to have found are the cookies in my browser (never heard of Zedo before).

    Did I do well - could I have done better?

  2. #2
    Dormant Account
    When I read the title I thought maybe you were trying a hostile takeover of a company. :P

    I'm no security expert, but I would have taken the same steps. I don't really know if unplugging the internet does anything since the virus is already on your computer? But I pretty much take the same steps you do, including Spybot - Search and Destroy.

  3. #3
    Dormant Account
    Sounds like you did the right thing to me. If you don't keep regular backups of your PC, this incident could serve as a warning that you need to start.

  4. #4
    Top Contributor crabfoot is a Premium Member
    Quote Originally Posted by mpcovcd
    I don't really know if unplugging the internet does anything since the virus is already on your computer?
    The idea is that it stops any more nasties from being downloaded. In this case, it interrupted the download process - the antivirus found nothing on the disks, so whatever was trying to get in did not succeed in completely downloading anything.


    Quote Originally Posted by mpcovcd
    But I pretty much take the same steps you do, including Spybot - Search and Destroy.
    Does this happen to you often?
    I've never had an attack like this, except when I once tried to access an articles site that had been burgled and fitted with a trojan on the home page. That left me with something in the works which would wait a while, then try to take me somewhere undesirable - Search and Destroy was my saviour then, which is why I'm using it now.

    I did nothing to trigger the attack, except leave the computer connected while typing - I was waiting for a poker game to start.
    I've had people try to sneak controls in before, but never blatant infection with malware unless I've tried to access an attack site, in the days when the antivirus didn't block the attack. This is a new one to me.

    Quote Originally Posted by benitez17
    If you don't keep regular backups of your PC, this incident could serve as a warning that you need to start.
    I've got a removable hard drive that I bought for the purpose, but I don't back up enough stuff. That's mostly because of the way Win7 works with fake paths and folders - it makes it hard to see where I've put things unless I'm using the "Windows view" of things.
    Pardon the pun, do you have some suggestions for how to be systematic about that sort of thing?
    Last edited by crabfoot; 24 March 2012 at 12:28 pm.

  6. #5
    Dormant Account
    Quote Originally Posted by crabfoot
    I've got a removable hard drive that I bought for the purpose, but I don't back up enough stuff. That's mostly because of the way Win7 works with fake paths and folders - it makes it hard to see where I've put things unless I'm using the "Windows view" of things.
    Pardon the pun, do you have some suggestions for how to be systematic about that sort of thing?
    Automate the process. I just have a scheduled task that moves everything in certain folders to a small NAS I have at home once a week, but there are many other ways to do it.

  8. #6
    Member
    Wow, not a fun experience and an echo of the "back up often" mantra. I use McAfee online backup which for $60 a year is cheap insurance.

    As for your PC, were you behind a NAT? Up-to-date firewall and AV software? Which AV program?

  9. #7
    Top Contributor
    Quote Originally Posted by crabfoot
    Does this happen to you often?
    I've never had an attack like this, except when I once tried to access an articles site that had been burgled and fitted with a trojan on the home page. That left me with something in the works which would wait a while, then try to take me somewhere undesirable - Search and Destroy was my saviour then, which is why I'm using it now.
    I'm using the CA Technologies Internet Security Suite. The McAfee Total Protection product is similar. CA has interrupted my browsing to let me know of problems, not with downloads, but caused simply by browsing to a site. Last week, I visited a vending company site and the site dropped a trojan somehow. CA popped up a notice that said the file was quarantined, but a reboot was immediately required. I assume that was because there was something left in memory. After the reboot, I ran a scan, and all was fine. This happened simply by visiting a site; I was not downloading anything and was behind both a hardware and software firewall.

    Quote Originally Posted by crabfoot
    I did nothing to trigger the attack, except leave the computer connected while typing - I was waiting for a poker game to start.
    I've had people try to sneak controls in before, but never blatant infection with malware unless I've tried to access an attack site, in the days when the antivirus didn't block the attack. This is a new one to me.
    This trojan was an exploit with either data or executable code that attempted to penetrate my box just by visiting a site. Odds are, the site was compromised due to not being updated in a long time and ended up being hacked. I was not downloading any files, other than the site's files to display to a browser window. I had not clicked on any part of the site, and did not click on any pop-up windows. I have had attempts to install malicious code from attempting to close ads, email sign-up boxes, and exit pop-ups, so I am now suspicious of all forced clicks (clicks required to continue or exit or close something) on a site. My preference there is to use Alt-F4 to close, and if that doesn't work, I sometimes force a site to close using Windows Task Manager.

    Quote Originally Posted by crabfoot
    I've got a removable hard drive that I bought for the purpose, but I don't back up enough stuff. That's mostly because of the way Win7 works with fake paths and folders - it makes it hard to see where I've put things unless I'm using the "Windows view" of things.
    Pardon the pun, do you have some suggestions for how to be systematic about that sort of thing?
    A USB external (Seagate) drive I purchased came with software which allows three levels of back-up. The one I use is a real-time mirror of all file changes. I select the directories to be mirrored, and every time I save a file, it is saved on two drives. The other two back-ups are daily (at a scheduled time of selected directories), and export to a different external hard drive. Due to the quantity of work on this box, I also carry a Western Digital My Passport USB-powered pocket-sized drive. While I like the fact there is no power supply, the cord is proprietary (and certainly doesn't need to be). The little one terabyte My Passport drives are (shirt-pocket sized) 3 1/4 by 4 1/4 and not quite 3/4 of an inch thick. When I walk out the door, I always have one of these in my pocket. The cost varies from $100 on sale to $130 retail.
