Security Forums

Weird incident with a BB sd card and my home network.PLEASE?

Kel68
Just Arrived
Joined: 12 Nov 2008
Posts: 0
Location: Dallas

Posted: Wed Nov 12, 2008 12:11 pm    Post subject: Weird incident with a BB sd card and my home network.PLEASE?

A friend of mine left their BlackBerry at my home and later called to tell me about some pics from a recent outing that were on it and asked if I would get them off.

The phone was uncharged so I got my little reader out, and removed the sd card and began to view. I was anxious to do so, because I had done this before and things turned weird - guess I needed a reality check. I had some unanswered questions. I reviewed the card and didn't see much on it, other than registry files - similar if not identical to Windows. Didn't think much at the time.

Two days later my entire network of 4 home computers was invaded with remote connections - I don't use them. It got crazy. I ran Wireshark and was being slammed, file structures, contents, etc were being ravaged by..... what can only feel like a battle with someone over my desktop! ISP sent emails about the excessive bandwidth use, desktop changes, I had new roaming files never seen before, and it looked like handpicked files were being stored in odd locations with odd extensions I could not open. Large files. I feel like I was under attack, couldn't capture screenshots quick enough to validate my story really.

I have had training for this and am a current forensics student and honestly - I had no idea what to do to stop such an abrupt personal attack!! I ended up using FTK to image the card, and registry viewer. The structure of this card is no diff than a windows registry - WITH the exception of many remote exe programs. - I actually saw the hardware on my computer change - as far as product type and many new drivers. It then took about a day before the rest of my family exp similar things.

My QUESTION - could this be some sort of planted virus, rootkit or something? I have had other incidents with this person and things like this seem to "happen" - but they claim to be a computer newbie. Could it be normal and I triggered something that didn't mix with XP? I have explained to others and honestly, I think they think I am nuts. I would love to send the file structure off the registry viewer I got.

This is a new friend and I am wanting to be fair, but my gut - no matter how strange the incident is, tells me BAD NEWS. I almost feel like it is either something I handled wrong, or it is simply malicious as the attack on my comps at home felt like I was dealing with an exorcist. I don't do a lot of remote things, so need some feedback.

I feel like a victim with this, and because it is personal - am wanting to ease up on my basic instinct. Do people put things on these for this reason? Freak accident...........twice?! New fad?!?! Thanks for anything you can offer!

Moderator note: edited for formatting, break up into paragraphs - capi
Maxhavoc
Just Arrived
Joined: 10 Feb 2006
Posts: 0

Posted: Wed Dec 03, 2008 8:42 pm

First lesson to learn: always perform a virus scan on any foreign media you insert into your computer.

This sounds like a mischief virus, something that isn't out for any reason other than to cause chaos and frustration. Format your computers, all of them. Format the SD card. Question the friend, see if he knew, if he did, ditch him and if he had a good BlackBerry, sell it for some extra cash as payment for the time you spent fighting fires.

Also, when your network is going haywire, first thing to do is unplug the network cable.
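Added example, not part of the original thread: scanning foreign media, as advised above, can begin with a content check that ignores file names, since the first post describes registry files, executables and files with odd extensions. This Python script walks a card or image mounted read-only and flags PE executables and registry hives by their leading bytes; the function names and the sample files are constructed for illustration.

```python
import os, tempfile

# Leading magic bytes for the two file types the thread mentions.
SIGNATURES = {b"MZ": "pe-executable",     # DOS/PE header: .exe, .dll, .sys, .scr
              b"regf": "registry-hive"}   # Windows registry hive (SYSTEM, NTUSER.DAT)
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}  # expected PE names

def classify(path):
    """Return the signature label for a file, or None if nothing matches."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in SIGNATURES.items():
        if head.startswith(magic):
            return label
    return None

def triage(root):
    """Walk root and return sorted (relative path, label, note) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                label = classify(full)
            except OSError:
                findings.append((rel, "unreadable", ""))
                continue
            if label is not None:
                ext = os.path.splitext(name)[1].lower()
                mismatch = label == "pe-executable" and ext not in PE_EXTENSIONS
                findings.append((rel, label, "extension does not match content" if mismatch else ""))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample tree standing in for a mounted card."""
    os.makedirs(os.path.join(root, "DCIM"))
    samples = {"DCIM/IMG_0001.jpg": b"\xff\xd8\xff\xe0",   # real JPEG header
               "DCIM/IMG_0002.jpg": b"MZ\x90\x00",         # PE content, image name
               "setup.exe": b"MZ\x90\x00",
               "SYSTEM": b"regf"}
    for rel, head in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(head + b"\x00" * 16)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*triage(tmp), sep="\n")
```

A hit is a reason to hand the file to an antivirus scanner or examine it on an isolated machine, not a verdict by itself.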
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Posted: Thu Dec 04, 2008 12:31 am

I promise I will read your post if you promise to format it.
All times are GMT + 2 Hours