2008-09-03

Someone's tried to hack my system

I think I just realized what's been causing weird bleep with my system recently. Somehow, something has successfully bypassed my security software, fooled my various security scans, and been foiled merely because I haven't implemented the electronic interface features of Quicken in re online banking.

Someone with an account at Conduit.com, to be far too vaguely precise for my comfort.

When I do a save with Quicken, suddenly it has started saying the feature I'm trying to run isn't installed and to install it. I fell for that, I'd done some weird things myself recently and thought it needed to have registry entries corrected or some such. Only saved because, given the mess my home is, surprise! I could not find the disk to install the component needed. Which wasn't needed, after telling it no three times it would back up the data just fine. That, combined with suddenly, when I open Windows Explorer I was getting messages from ZoneAlarm Security Suite about blocking cookies; Windows Explorer only looks at stuff inside my computer, what's with cookies? Check, and its trying to contact Conduit.com... and finding myself at Conduit.com after failed URL searches started a bit ago after an auto-install of updating software from Comcast, prior to my munging up the .EXE file associations; since cleaning up that debacle hadn't found myself at conduit.com after failed URL searches... or did that change when I uninstalled the Comcast Toolbar as being non-compatible with FireFox 3? Can't install the Comcast toolbar any longer, something stops it from happening...

OK.

1) Someone Trojans me via an apparent Comcast auto-update, which protects itself from being over-written by rejecting any code which would affect that area of storage. Odds on its hiding somewhere in the code regarding Comcast. Oh, and its using javascript, looks like.

2) Its a smart little bugger, has been blocking WinXP from successfully installing security updates, I thought it was due to my messing things up earlier, I was wrong, its part of this attack. Funny thing, they deal with javascript vulnerabilities?

3) Its tried to send my eBay account info out, my security software has been preventing that, only now tied that into this.

4) I did have some bogus charges show up on one credit card account, thankfully the issuing bank, Bank of America, noticed something funny and contacted me, we closed that card down and hasn't been repeated with other accounts; that account, while not a debit card, was tied to my personal checking account...

5) Trying to get me to install additional functionality with Quicken; it wants me to let it talk to my bank, as me, now doesn't it? Sneaky little bastard!

Conclusion: It sure looks like its time for a new hard drive and a clean install, then put this hard drive on a non-networked machine and go over it with a fine tooth comb while seeing about salvaging data without transferring the Trojan horse. As a data drive, purging all the OS files is an option, actually, purging any executable file becomes an option.

6) Continue documenting what seems to be going on, and when enough data is pulled together to have a chance of figuring out when/where/how, passing the word on to the relevant folks, such as Comcast, as someone spoofed them well enough to get past me, ZoneAlarm, etc., to see how to stop it from getting other folks.

7) Lock down anything I can in re my system communicating with Conduit.com; sure, there may be legit stuff going on there, but nothing I've gone looking for, and that's where my sytem wants to spill its guts. If I've interpreted all of this correctly.

8) Continue my practise of not tying more things together online than I have to, that's all that stopped this one from getting me.

Glad I'm having all my password info stored on a USB key, under its own passwords, etc., that's probably all that has stopped some other things from happening.

Festive, that's all I've got to say, festive.

Time to go shopping, I guess.

Post this Puppy!

No comments: