Trojan enables remote control of Internet settings?

I had a very unusual experience today. Suddenly, my Internet connection slowed dramatically. Within half an hour I received a telephone call from someone with a very East Indian-sounding accent, who informed me that I had called the Windows Help Desk with the problem that my Internet connection had slowed down(!) and he could help me. This was triply-strange, as I run a Mac and hadn't called anyone -- but my Internet had slowed as if it was turned down like a tap.

After a while, I hung up and downloaded Sophos MacHomeAV. I called my ISP, and the service rep said that he had heard of this happening, but this was the first time it had been reported to him. I ran a full scan of my hard drive, but it found no threats.

My Internet feed returned to its original level within an hour of hanging up on the telephone call from India. Strange! Any ideas? Is my hard drive infected? I'm wondering how this happened and how I can protect myself against this obvious scam.

  • Interesting phishing method; it sounds to me like they likely use a botnet to perform a denial of service attack on your ISP, and then contact the customers.  This, of course, would mean that they have somehow got their hands on your ISP's customer list.  You might want to check with your ISP and see if they have had any security breaches (they are required to report them in many locations) and if they've had any heavy traffic degrading their service.

    Also, are you using your ISP's DNS servers (the default), or a third party?  Are you using a router with a default password?  It's also possible that they are only degrading your DNS service, or have logged into your router using a default password and are monitoring your data/degrading your service at your router.  If you ever sent your phone number out over the router, they would then have it.

    A few things to think about, anyway.  Most likely nothing to do with your actual computer.
