Malware leeching BW and running up bills ?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Malware leeching BW and running up bills ?

Hybrid View

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    Malware leeching BW and running up bills ?

    Hey there,

    Just yesterday I had two clients call in and say there Telephone bill was R13000 (Um around $2000) when it is normally R850 ($100). Their ISP said they had spyware and or malware. The other client said their BW cap ran out in 2 days even though they jsut use Email. And their ISP said it was malware.

    They called here and I jsut wasnt convinved that it was spyware / malware. Is this a reality and can this happen to a home user? I would assume these targeted malware attacks would target companies with unlimited BW , not a home user with a 3G cap and someone on 3G.

    I told them to get the logs from the ISP.

    Any advice on this?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Location
    Atlanta
    Posts
    1,024
    In my experience malware is anything but "targeted". You pick up one trojan horse along the way and it lets all of its buddies in the back door. Before you blink three times your hard drive is loaded up with crap trying to phone home with all sorts of information. I'd say it's conceivable.

    Side story: I once ran McAfee AV via command line outside of Windows and it was removing viruses for three days, the screen constantly scrolling at warp speed the entire time listing the stuff it removed. The machine was running Windows 98 and the user was accessing the internet via AOL dialup... This was a little over a year ago. People just pick up random crap sometimes.

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hey there, Sounds wicked

    What exactly do you mean outside of windows - from the command line?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #4
    Member
    Join Date
    Apr 2004
    Posts
    69
    I believe he means from a DOS boot disk, running a scan on the harddrive...

  5. #5
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Location
    Atlanta
    Posts
    1,024
    I prefer to use Boot CD's that either create a Physical Environment similar to an OS but not installed on the HDD, just running straight from the RAM or just run the scan from the CD prior to booting into Windows. Make any sense? It's more efficient to scan the entire HDD because if you're booted into Windows, there are a lot of files currently being used by something else that you will not be able to scan (or at least modify) with antivirus software.

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hi there,

    Well which AV software will scan out side of windows and if it finds anything will disinfect or delete.

    I know the software I got can scan but cannot disinfect. Real bummer.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Have them check their dial-up and network connections. See if
    there's more than one. Back in the ol' days (early-2000's) when
    dial-up was prevalent here in the States, some malware would
    create new dial-ups, hooking into 900 (pay) numbers. I've seen
    phone bills jump like you're describing on 'phony' connections.

    Just a thought.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Location
    Atlanta
    Posts
    1,024
    There are only three AV scanners I know of that can disinfect from the command line. F-Prot, McAfee, and Trend Micro. I'm sure there are others.

    As for scanners that can disinfect from a PE (physical environment), there are many. All the conventional antispyware/antivirus programs I know of work in a PE.

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Yes they will work from command line but it depends on how your hard drive is formatted to make the scans work from a bootable CD. NTFS is tricky since you have to load a read/write driver and then do a scan.

  10. #10
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by oofki
    Yes they will work from command line but it depends on how your hard drive is formatted to make the scans work from a bootable CD. NTFS is tricky since you have to load a read/write driver and then do a scan.
    Dunno why NTFS should be a issue..
    You Have the Window's Preinstalled Environment (Win-PE) Cd's aka Winbuilder and Bart PE .. these have no issues with NTFS.. have worked well for me for over 4 years.. and with tools for (remote) registry editing. not only do you get the malware files .. but you also get to hit the registry entries that say.. "If my files deleted..redownload from one of these sites"..

    While not a Linux user for windows system recovery.. the various OS live CD's have been reporting excellent results with NTFS.. I have not worked with these because of the registry editing factor (If someone tells me there is a *nix Live OS app that supports Windows remote registry editing let me know)

    Regarding Ciders Issue;
    @Cider

    What was the problem with the Phone account? was it Calls? or Data Usage?
    If it's Calls.. then yes look for Diallers (Spybot SnD used to do an excellent job against them)
    If its Data.. then you're looking for a SPAM worm (spyware is not so obvious on the BW usage.. noticable but not that obvious)

    As for NTFS usage.. My impression is that All Vista Installs are NTFS.. BUT with XP.. some OEM's were still lumbering people with FAT32 partitions
    Last edited by Und3ertak3r; September 22nd, 2008 at 12:34 AM.
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Similar Threads

  1. Website to website malware scanning
    By Aspman in forum Spyware / Adware
    Replies: 20
    Last Post: November 21st, 2005, 09:07 AM
  2. Snail Alert!
    By Egaladeist in forum Spyware / Adware
    Replies: 21
    Last Post: April 16th, 2005, 12:30 AM
  3. M$ office running on Linux
    By GbinaryR in forum Microsoft Security Discussions
    Replies: 8
    Last Post: March 30th, 2002, 09:37 PM
  4. Running Your Firewall in runlevel 0
    By micael in forum *nix Security Discussions
    Replies: 9
    Last Post: February 19th, 2002, 04:13 PM
  5. Traceroute: under the hood
    By antihaxor in forum Non-Security Archives
    Replies: 0
    Last Post: January 24th, 2002, 05:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •