Spyware 201

Couperin47

Well-Known Member
Silver Supporter
SoSH Member
Russia has developed a cyberweapon that can disrupt power grids, according to new research: https://www.washingtonpost.com/world/national-security/russia-has-developed-a-cyber-weapon-that-can-disrupt-power-grids-according-to-new-research/2017/06/11/b91b773e-4eed-11e7-91eb-9611861a988f_story.html?tid=hybrid_mostsharedarticles_2_na&utm_term=.c2a6ebc02dfa

The article also includes the following: "The malware samples were first obtained by ESET, a Slovakian research firm, which shared some of them with Dragos. ESET has dubbed the malware Industroyer."

Is that the same ESET?
Yes
 

DamageTrain

Member
SoSH Member
Sep 29, 2014
317
Vermont
Russia was probing my ports! (And it didn't feel that good.)

I was checking the reason for a failed backup on my Windows box when luckily I noticed many failed logins and remote desktop access failures in the event log. Apparently for several days my remote desktop logins have been under brute-force attack. I logged into my server and found the same thing. The IP addresses that are the source of the attack point to Russia and Ukraine.

So I shut down remote desktop access to both machines. Set up an IP-address-specific firewall in case it needs to get turned on for any reason. (I haven't been using it much recently anyway.) I had mapped RDA to an alternative port, but that was weak security at best. I also looked at the logs of logins on both machines and there were no unrecognized successful logins. I ran a virus and root-kit scan just in case, and that came out clean.

I think I got lucky -- I suggest shutting down remote desktop access unless you're actively using it, or setting up a firewall exception that only lets known IP addresses through.
 
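As an added example (not from DamageTrain's post), here is the same triage and lockdown done from PowerShell: summarise the failed logons (Security event 4625) by source address, check for successful network/RDP logons (event 4624) from addresses you do not recognise, and then either turn RDP off or replace the broad built-in firewall rules with one rule scoped to an allowlist. It assumes Windows 10 / Server 2016 or later, an elevated session, that logon failure auditing is enabled, and a made-up allowlist; the function names are mine.

```powershell
# Added example, not from the original post. Assumes Windows 10 / Server 2016 or later,
# an elevated PowerShell session, and that logon failure auditing is enabled
# (check with: auditpol /get /category:"Logon/Logoff"). The allowlist below is made up.

# Pull a named field out of an event's XML EventData.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event, [string]$Name)
    $x = [xml]$Event.ToXml()
    ($x.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Failed logons (Security event 4625) grouped by source IP and logon type.
# Type 10 = RemoteInteractive (RDP without NLA); type 3 = Network, which is what
# RDP brute force looks like once Network Level Authentication is on.
function Get-FailedLogonSummary {
    param([datetime]$Since = (Get-Date).AddDays(-7), [int]$Top = 20)
    Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4625; StartTime=$Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                SourceIp  = Get-EventField $_ 'IpAddress'
                LogonType = Get-EventField $_ 'LogonType'
                User      = Get-EventField $_ 'TargetUserName'
            }
        } |
        Group-Object SourceIp, LogonType |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name,
            @{ n='Users'; e={ ($_.Group.User | Sort-Object -Unique) -join ',' } }
}

# Successful logons (4624) over the network or RDP from addresses NOT on the allowlist.
# This is the "any unrecognized successful logins?" check from the post; a non-empty
# result means the brute force may have worked and an AV scan alone is not enough.
function Get-UnexpectedRemoteLogons {
    param([string[]]$Allowed, [datetime]$Since = (Get-Date).AddDays(-30))
    Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4624; StartTime=$Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                SourceIp  = Get-EventField $_ 'IpAddress'
                LogonType = Get-EventField $_ 'LogonType'
                User      = Get-EventField $_ 'TargetUserName'
            }
        } |
        Where-Object { $_.LogonType -in '3','10' -and
                       $_.SourceIp -notin ('-','127.0.0.1','::1') -and
                       $_.SourceIp -notin $Allowed }
}

# Replace the built-in "Remote Desktop" inbound rules with one rule scoped to the
# allowlist. Windows Firewall blocks unsolicited inbound traffic by default, so
# once the broad rules are off, only these addresses can reach the port.
function Set-RdpAllowlistRule {
    param([Parameter(Mandatory)][string[]]$Allowed, [int]$Port = 3389)
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue | Disable-NetFirewallRule
    Remove-NetFirewallRule -DisplayName 'RDP from trusted addresses only' -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName 'RDP from trusted addresses only' -Direction Inbound `
        -Protocol TCP -LocalPort $Port -RemoteAddress $Allowed -Action Allow -Profile Any
    # Require NLA so credentials are checked before a desktop session is built.
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
        -Name UserAuthentication -Value 1
}

# Turn RDP off entirely (what the post did) until it is needed again.
function Disable-Rdp {
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue | Disable-NetFirewallRule
}

# Constructed allowlist: a home/office address and a VPN range (documentation ranges).
# Run the checks first; apply the lockdown only from the console or an allowed address.
$trusted = @('203.0.113.25', '198.51.100.0/24')
Get-FailedLogonSummary | Format-Table -AutoSize
Get-UnexpectedRemoteLogons -Allowed $trusted | Format-Table -AutoSize
# Set-RdpAllowlistRule -Allowed $trusted    # or: Disable-Rdp
```

Two things to watch: an allowlist only helps if your own address is stable, so a home connection with a changing IP will lock you out the next time it renews (use a VPN range or the local console as the fallback), and the 4625 summary is what shows that moving RDP to a non-standard port buys nothing, since the failed attempts are logged regardless of which port the scanner found it on.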

santadevil

Well-Known Member
Silver Supporter
SoSH Member
Aug 1, 2006
5,339
Saskatchestan
Thanks for that. I've got a computer I remote into from time to time at home as well
I'll make that change
 
Jul 15, 2005
2,383
Chicago
So it seems like someone used one of my emails to create a Netflix account, and Netflix doesn't have an email confirmation/verification step.
Anything I do to prevent this? Is my computer compromised?
 

Lose Remerswaal

Well-Known Member
Lifetime Member
SoSH Member
Check your credit card to make sure you haven’t been charged, but your email address is as close to public info as there is. The fact that someone has signed up for a service using it is no different from someone sending magazine subscriptions to your house.
Change your email password if you are concerned.