So this Cryptolocker thing is floating around and really picking up steam: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/

gently caress the people who wrote this thing. It's simple, evil, and they're going to make some bank.

Sep 17, 2013 21:38
SubjectVerbObject posted: On with computer maintenance scammer right now.

Somehow I've never heard of this. I wonder if their remote desktop.exe actually gives them remote desktop or if it's just some generic zombie trojan. I'm tempted to set up a VM to keep handy that has wallpaper for the FBI or Pakistani intelligence agency or something they'd like to own a whole bunch, let them in and see what it is, then cut the internet connection. "Oops, I slipped cutting my steak and cut this gray wire in half. Can you send me a new one?"

Sep 17, 2013 21:41
Vin BioEthanol posted: Somehow I've never heard of this. I wonder if their remote desktop.exe actually gives them remote desktop or if it's just some generic zombie trojan.

I've cleaned up a couple of computers that fell for the "Hi, this is Microsoft, your Windows is reporting a virus!" calls, and I found an LMI Rescue applet and UltraVNC installed on both of them. It's not exactly high-grade stuff going on.

Sep 17, 2013 21:53
ConfusedUs posted: So this Cryptolocker thing is floating around and really picking up steam:

This poo poo is evil and holy hell it's ingenious.

Sep 17, 2013 21:56
Inspector_71 posted: I've cleaned up a couple of computers that fell for the "Hi, this is Microsoft, your Windows is reporting a virus!" calls, and I found an LMI Rescue applet and UltraVNC installed on both of them. It's not exactly high-grade stuff going on.

Sep 17, 2013 22:04
ConfusedUs posted: So this Cryptolocker thing is floating around and really picking up steam:

Can anyone tell me if this solution looks legit?

Sep 17, 2013 22:07
coyo7e posted: Yeah, a scientist at my work came in livid that her husband had fallen for this phone scam, but at least it wasn't her work computer.

On the list of "gently caress you virus-getters!" that one is not that high on the list for me. I mean, I can understand the problem if there's sensitive data on the computer/network (aside from anything that would be harvested from cookies, etc.), but it doesn't leave very much poo poo behind that needs cleaning up, and the stuff it does leave can just be uninstalled normally for the most part.

Sep 17, 2013 22:15
Shukaro posted: This poo poo is evil and holy hell it's ingenious.

Bloody hell, that is nasty. Am I being thick, or doesn't MSE have a list of malware/viruses that the current definition protects against? I can't tell if I am safe or not.

Sep 17, 2013 22:22
spog posted: Bloody hell, that is nasty.

Well, it's a fairly new bug, so many AVs aren't updated with definitions for it or just can't catch it yet, plus the fact that further development is being directly funded by its victims. Although you're quite safe as long as you don't fall for the email or whatever.

Sep 17, 2013 22:34
Dr. Arbitrary posted: Can anyone tell me if this solution looks legit?

That's what I'm testing. One machine got hit with this last week and ate a chunk of our network files. Idiot released the drat spam email from Postini and then opened the attachment.

Sep 17, 2013 22:36
Dick Trauma posted: That's what I'm testing. One machine got hit with this last week and ate a chunk of our network files. Idiot released the drat spam email from Postini and then opened the attachment.

I don't suppose you have a screenshot of the email? Time to send out a "BEWARE THE EMAIL MONSTER" blast to everyone.

Sep 17, 2013 22:39
Inspector_71 posted: On the list of "gently caress you virus-getters!" that one is not that high on the list for me. I mean, I can understand the problem if there's sensitive data on the computer/network (aside from anything that would be harvested from cookies, etc.), but it doesn't leave very much poo poo behind that needs cleaning up, and the stuff it does leave can just be uninstalled normally for the most part.

Yeah, the ones I've seen, there's been minimal actual harm done to the computer in question; their strategy is mostly geared toward trying to get the user to give them a credit card payment over the phone. There's one version of it that I think doesn't even bother getting the user to download anything: they just direct the user to some scary-looking part of the Windows system logs and try to get them to give a CC number over the phone to 'fix it'.

A client's PC today: It was "running slow." I don't know how people get to this point while still getting any actual work done.

Sep 17, 2013 22:45
This one is nasty enough I'm asking my boss to have corp communications send out an email blast about email attachments. We live by the mapped drive, and just one of these folks bringing this in could cause major issues for entire departments.

Sep 17, 2013 22:55
Entropic posted: Yeah, the ones I've seen, there's been minimal actual harm done to the computer in question; their strategy is mostly geared toward trying to get the user to give them a credit card payment over the phone. There's one version of it that I think doesn't even bother getting the user to download anything: they just direct the user to some scary-looking part of the Windows system logs and try to get them to give a CC number over the phone to 'fix it'.

Someone needs to give one of those scammers access to a VM set up like this. They also need to roleplay someone who is very particular about how their computer is set up and that everything is perfect right now oh god don't touch anything I need that.

Sep 17, 2013 23:06
Galler posted: Someone needs to give one of those scammers access to a VM set up like this. They also need to roleplay someone who is very particular about how their computer is set up and that everything is perfect right now oh god don't touch anything I need that.

Oh god, giving them access to a VM sounds like fun. I wonder how long it would take them to realize something was up.

Sep 17, 2013 23:21
Install Windows, reduce CPU to 50MHz.

Sep 17, 2013 23:25
EAT THE EGGS RICOLA posted: I don't suppose you have a screenshot of the email? Time to send out a "BEWARE THE EMAIL MONSTER" blast to everyone.

quote:
Date: Wed, 11 Sep 2013 16:32:27 -0500

The best part: we don't even have any Xerox scanners.

Sep 17, 2013 23:28
Dr. Arbitrary posted: Oh god, giving them access to a VM sounds like fun. I wonder how long it would take them to realize something was up.

I tried that once and they just systeminfo'd and saw that it was a VM immediately. Then I pretended to have no idea what they were talking about and they carried on trying to "fix" my unpatched Win ME VM.

Sep 17, 2013 23:28
We don't allow users to release their spam emails. Most don't even know they can view them; we don't tell them it's available or that we even have a spam appliance.

Sep 17, 2013 23:29
A call came in. This particular client likes to call in and then work with his coworkers for a while on things I can't help with. Basically I'm going to wait around silently for half an hour and then tell him the problem is outside the thing we support.

Sep 18, 2013 00:34
MJP posted: Not to pull a Corvettefisher, but while I should have done that, chances are I'd be written up for being unavailable.

Hate to say it, man, but after-hours maintenance on production systems is part of being a sysadmin. You aren't going to escape it unless you find a shop that has actual 24/7 staffing (and somehow avoid being stuck on the graveyard/weekend shift yourself because you're the new guy) or get a job someplace with a small IT footprint where there just isn't much that has to be done after hours (in which case you will be the entire department and will always be on call for everything 24/7 and will never have an uninterrupted vacation again).

13 hours does seem a bit excessive for firmware updates, though, unless you have thousands of servers and only two of you doing the work. Hell, even then you can script that poo poo and do a bunch of systems at once (or at scheduled intervals if you have stuff that can't be down simultaneously); it's not like you have to be doing them manually one at a time. How many systems are you going to be updating?

It's also pretty lovely if your boss doesn't at least let you show up late/leave early for a few days the next week, even if they don't do "official" comp time. At least they gave you some notice instead of dropping it on you the Friday afternoon before, I guess.

Sep 18, 2013 00:59
There is speculation that Cryptolocker is being spread via botnets onto already compromised machines in addition to email.

Sep 18, 2013 01:00
Anyone else ever get the feeling they work with someone who pushes workloads onto you because "it's too sensitive for me to handle" and doesn't want to deal with the back blast if poo poo goes wrong? I can't help but feel some of these workloads are just being pushed over to me for no other reason that I can see.

Sep 18, 2013 01:03
dennyk posted: Hate to say it, man, but after-hours maintenance on production systems is part of being a sysadmin.

Not being compensated for after-hours maintenance is most certainly not part of being a sysadmin.

Sep 18, 2013 01:04
Shukaro posted: Well, it's a fairly new bug, so many AVs aren't updated with definitions for it or just can't catch it yet, plus the fact that further development is being directly funded by its victims.

Entropic posted: Yeah, the ones I've seen, there's been minimal actual harm done to the computer in question; their strategy is mostly geared toward trying to get the user to give them a credit card payment over the phone. There's one version of it that I think doesn't even bother getting the user to download anything: they just direct the user to some scary-looking part of the Windows system logs and try to get them to give a CC number over the phone to 'fix it'.

"Please now press the <unintelligible> key"
"What key?"
"The <unintelligible>"
"The 'what' key?"
"Yes please to press the what key for m-.. Wait-"
"You want me to press the what key? Where's that one on my keyboard?!"

coyo7e fucked around with this message at 01:12 on Sep 18, 2013

Sep 18, 2013 01:04
EAT THE EGGS RICOLA posted: Not being compensated for after-hours maintenance is most certainly not part of being a sysadmin.

God, isn't that the truth. I just know we're going to get a weekend on-call rotation implemented soon. We missed a call from a user that locked himself out at 8:50am on Saturday. Unfortunately his name's on the building. New management is in a tizzy about this, and they're asking for cell phone numbers. They're also ridiculously cheap, so I know they're going to push for no compensation. I need to

Sep 18, 2013 01:30
Belial42 posted: God, isn't that the truth. I just know we're going to get a weekend on-call rotation implemented soon. We missed a call from a user that locked himself out at 8:50am on Saturday. Unfortunately his name's on the building. New management is in a tizzy about this, and they're asking for cell phone numbers. They're also ridiculously cheap, so I know they're going to push for no compensation.

Something similar to this happened where I worked and they told us that they were going to set up an on-call rotation. They gave up immediately after the entire IT department said "okay, the industry average for extra pay for being on call is $X/day, with $Y/hr or comped time for receiving and acting on a call, let's get that set up".

I wouldn't mind being on call 24 hours a day for my share of the rotation if I was well compensated for it, even though I don't legally need to be in my province, where IT professionals are exempt from lots of labour laws. My profession is fully exempt from all overtime requirements in the province where I work, but I would immediately give my two weeks' notice if my work tried to make me conform to that without also substantially adjusting my salary. http://www.labour.gov.on.ca/english/es/tools/srt/coverage_government_it.php

Sep 18, 2013 01:46
A guy just called me and "lectured" me on password security in regards to notifying the end user. I wanted to tell him he's dumb as hell for expecting a 180-day change. He goes on to tell me he doesn't log in to a PC, just e-mail, and only on his phone. I made sure to remark why phones cause AD lockouts often, but of course he was so busy thinking he was right he didn't hear me. Callers don't bother me, but drat, that just annoys me. It was a medical client so I didn't dare start into HIPAA as well. Working for an MSP is FUN, guys! You should totally try it!

Sep 18, 2013 01:49
Vin BioEthanol posted: Somehow I've never heard of this. I wonder if their remote desktop.exe actually gives them remote desktop or if it's just some generic zombie trojan.

EAT THE EGGS RICOLA posted: I tried that once and they just systeminfo'd and saw that it was a VM immediately. Then I pretended to have no idea what they were talking about and they carried on trying to "fix" my unpatched Win ME VM.

Dammit. I had a VM all set up with Win95 OSR2, firewalled off from all my other machines and with 16 megs of RAM...

Sep 18, 2013 01:58
So there was a meeting at my client about migrating from old BB5 devices and moving to BB10 and BES 10. So I let the account lead know what's going on. He asked me to set up a 2008R2 VM so we could use it for the BES 10 deployment, no big deal. Apparently there was a mini meeting and it was decided I would be the subject matter expert for BES 10. It's not really that bad, is it?

Sep 18, 2013 02:13
blackswordca posted: So there was a meeting at my client about migrating from old BB5 devices and moving to BB10 and BES 10. So I let the account lead know what's going on. He asked me to set up a 2008R2 VM so we could use it for the BES 10 deployment, no big deal.

I mean, I guess I would rather manage our BES10 server than be responsible for printers, if that helps at all.

Sep 18, 2013 02:17
EAT THE EGGS RICOLA posted: I mean, I guess I would rather manage our BES10 server than be responsible for printers, if that helps at all.

This is the first client that our company has had that has decided to run BES 10, so nobody knows what to expect or what issues to run into. At least I got it in writing there would be no after-hours work for the project.

Sep 18, 2013 02:19
blackswordca posted: This is the first client that our company has had that has decided to run BES 10, so nobody knows what to expect or what issues to run into.

To be fair, it was really, really easy to set up and get going.

Sep 18, 2013 02:20
ConfusedUs posted: So this Cryptolocker thing is floating around and really picking up steam:

The only instance I have seen of this, we paid it and then did a chargeback on the credit card. Fast, simple, and it helps get the wire transfer service they used shut down faster.

Sep 18, 2013 02:27
blackswordca posted: to which I got the reply "We decided in the meeting you were going to be a volunteer."

blackswordca posted: Apparently there was a mini meeting and it was decided I would be the subject matter expert for BES 10.

There seems to be this worrying trend in your life...

Sep 18, 2013 03:20
Paladine_PSoT posted: Oh man...

Power outage. Oh, Core 2 Duo box I've been limping along for years, you went before your time.

Sep 18, 2013 05:33
Paladine_PSoT posted: Power outage. Oh, Core 2 Duo box I've been limping along for years, you went before your time.

ASUS, you say. I take it this is a P5 series motherboard? If it's important enough you can get a replacement BIOS chip from them for $15.

Sep 18, 2013 08:34
First day on the job at a small Italian company. I don't speak Italian and the boss's English isn't perfect, so a slight lapse in communication meant that after a full 8 hours of researching and putting together a few documents on how we could best implement pass-through authentication and barcode generation/scanning for our project client, he tells me that the dedicated hosting we're about to buy is Windows, not Linux. But since he's Italian he doesn't seem to care.

e: Before anybody tells me that this is simple as piss and should have taken twenty minutes, I've never had any real experience with this stuff before, and he knew that when hiring me. When I went to the job interview I had no idea what the company was (the website said nothing) and I had to sell myself on all things computer related for 20 minutes before I got to ask him what the company actually did.

Sulla Faex fucked around with this message at 08:52 on Sep 18, 2013

Sep 18, 2013 08:46
eszett engma posted: ASUS, you say. I take it this is a P5 series motherboard? If it's important enough you can get a replacement BIOS chip from them for $15.

Sep 18, 2013 09:00
eszett engma posted: ASUS, you say. I take it this is a P5 series motherboard? If it's important enough you can get a replacement BIOS chip from them for $15.

Does the hotswap flash method still work these days? (Find a working board, enable shadow memory, boot to DOS, carefully remove the BIOS chip while the system is powered on, flash the BIOS, power up, put both chips back in their correct boards.) Fixed a few boards that way when CIH was running rampant, then I discovered that work had an EPROM programmer so used that instead.

Sep 18, 2013 11:16