
Can an IP Address Be Compromised?


51 replies to this topic

#1 Toto_Too


Posted 12 July 2017 - 04:25 PM

Long story short, yesterday my sister did the unthinkable.  After clicking on a link on Facebook for a supposed salad recipe, a screen came up informing her her laptop was now BLOCKED.  A phone number was provided for assistance in fixing the problem.  Yeah, I know ... the very thing that she was absolutely NOT supposed to do.  But, panicked ... she called the number. 

 

Anyway, the scammer on the phone mentioned to my sister that her IP Address was now compromised and that neither a Windows reinstall nor even a NEW computer would neutralize the compromised IP Address.  Frankly I think that was just a scare tactic.  So, to give my sister peace of mind, I want to know in a nutshell manner --- CAN an IP Address be compromised?  You know ... like permanently as in maybe needing to request a new one or something?

 

FYI ... my sister did end the phone call with the scammer when he suggested that she call one of two companies (websites) to fix her computer.  They would have of course just suckered her out of some money.




 


#2 jwoods301


Posted 12 July 2017 - 04:57 PM

A router can be compromised through an IP address, but not the IP address itself.

 

You might look at her router configuration and run the ports tests.

 

Router security checklist -

http://routersecurity.org/checklist.php


Test for open ports -

Shields UP! -

https://grc.com/x/ne.dll?bh0bkyd2

SG Security Scan -

http://www.speedguide.net/scan.php


Edited by jwoods301, 12 July 2017 - 04:59 PM.


#3 jwoods301


Posted 12 July 2017 - 05:01 PM

You could also have your sister sign up on BC, do the following malware checks, and post the logs...

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run Malwarebytes Anti-Malware -

https://www.malwarebytes.org/antimalware/

Download and run the portable version of Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/

Create a System Restore point first.
 



#4 Toto_Too


Posted 12 July 2017 - 06:07 PM

Ahhh, that's the kind of straight up answer I was looking for --- that the IP Address itself cannot be compromised.  Because that was really worrying my sister.

 

As to the security of their router?  Only her husband would know that.  That's a lot of info / checks on that Router Security list.  Unfortunately, somehow I have the feeling their router almost assuredly has whatever minimal default settings ... only enough to just get them connected.

 

As to running those other apps to check for malware?  She did perform an Avast Quick Scan yesterday and said it found No Threats.

 

I am familiar with and use AdwCleaner, Malwarebytes Anti-Malware and JRT.  Originally when she first started telling me about her "I'm so gullible" story, I suggested she bring her laptop to me so that I could scan it with all my various apps / tools.  However, when she then proceeded to tell me the full story, I decided and suggested to her that to be on the safe side, it would be a much better idea to just take her laptop to get her Windows completely reinstalled.  (The over the phone scammer actually at some point snooped around her laptop's files via remote connection. :o  I didn't want her taking any chances with what deeply hidden malware / backdoor the scammer might have left in there somewhere.)    I told her that a Windows reinstall would not only not hurt, but it would actually almost assuredly help her laptop since I've been convinced for a while now that her laptop's Windows 10 is not exactly properly installed ever since her laptop just sort of upgraded itself from Windows 7 to Windows 10.  She experiences lockups and a lot of the times, reboots are a throw of the dice as to whether the laptop is gonna finish booting or whether it's just gonna sit there at a black screen and cursor.  When I periodically use her High Speed Internet laptop to download apps (I have Dial Up), sometimes I have to resort to unplugging the power adapter and removing the battery for a couple of minutes to get it to boot up.

 

So yeah, my suggestion was that considering her nightmare experience yesterday AND her laptop's unstableness, a Windows reinstall would almost assuredly help either way.  She was supposed to call me today.  She hasn't yet.  So, I don't know whether she went ahead with getting Windows reinstalled in her laptop.

 

Thanks for your insight and info, jwoods.



#5 jwoods301


Posted 12 July 2017 - 07:16 PM

She might also find these articles by Brian Krebs helpful for future reference...3 Basic Rules for Online Security and Tools for a Safer PC -

https://krebsonsecurity.com/2011/05/krebss-3-basic-rules-for-online-safety/

https://krebsonsecurity.com/tools-for-a-safer-pc/



#6 malwaredpc


Posted 12 July 2017 - 07:42 PM

The IP address doesn't, but it can be spoofed, and also the MAC address... The computer could have been turned into a zombie one...

 

I think it's all a hoax. However if the attacker can/could access remotely with a remote control program allowed by the host, it won't be recognised as malware by malware fighters most probably.

 

You don't know what stuff was changed in the OS, so the best thing is a new install of the system. Reset the router and configure it again.

 

Also, she should change her phone number as the attacker might have identified it and could use it later to get something...



#7 jwoods301


Posted 12 July 2017 - 07:56 PM

Also, she should change her phone number as the attacker might have identified it and could use it later to get something...

No need to change her phone number.

 

Unless she is using a static public IP address, power cycling the router usually generates a new IP.


Edited by jwoods301, 12 July 2017 - 07:59 PM.


#8 britechguy


Posted 12 July 2017 - 07:59 PM

The IP address doesn't, but it can be spoofed, and also the MAC address... The computer could have been turned into a zombie one...

 

I think it's all a hoax. However if the attacker can/could access remotely with a remote control program allowed by the host, it won't be recognised as malware by malware fighters most probably.

 

You don't know what stuff was changed in the OS, so the best thing is a new install of the system. Reset the router and configure it again.

 

Also, she should change her phone number as the attacker might have identified it and could use it later to get something...

 

I disagree.

 

These kinds of drive-by exploits are attacks of convenience and rely on people panicking and allowing the rogues in by invitation.

 

Once that fails you virtually never hear from them again or see any effects.  This is almost 100% true if you didn't actually allow remote access to occur and nothing in the original post indicates that the hoax was not interrupted before any access to the machine was granted.

 

There is no point in piling one overreaction on top of another.


Edited by britechguy, 12 July 2017 - 08:01 PM.

Brian  AKA  Bri the Tech Guy (website address in my profile) Windows 10 Home, 64-bit, Version 1703, Build 15063

       

    A man's worst difficulties begin when he is able to do as he likes.
              ~ Thomas H. Huxley (1876)

 


#9 malwaredpc


Posted 12 July 2017 - 08:33 PM

That's why I said it is all of a hoax but you can't be sure.

 

Installing everything is 100% fixing anything.

 

Power cycling doesn't solve the possible attack on a router.

 

Phone number could possibly be used to at least harass the victim.



#10 jwoods301


Posted 12 July 2017 - 08:37 PM


Power cycling doesn't solve the possible attack on a router.

 

 

That's why I posted the router security information in the second post, if you read the entire thread.

 

Power cycling would likely assign a new public IP.



#11 Toto_Too


Posted 12 July 2017 - 08:54 PM

Thanks for the additional links, jwoods.  Good stuff.  I certainly live by those 3 basic rules.  I keep my computer lean & mean.  However, it's tough to try and instill the approach of those 3 rules into people whose eyes immediately glaze over upon getting into any tech talk.  But, in talking to her, it sounded like she did learn some lessons, albeit the hard way.  I did stress --- do NOT EVER EVER EVER call any phone number that gets provided for supposed assistance like in this situation.  She did appear to have had her eyes opened to from now on being way more careful with what links she clicks on.  She said she was gonna stop taking those surveys and playing some little I guess ... games that pop up on Facebook.

 

And actually, before she called me the 2nd time yesterday, she remembered to call her son who is an IBM Engineer.  While her son is not a programmer or Software Engineer, but rather a Hardware Engineer, he does know more about computers and Windows 10 than I do.  Her son, who lives like 500 miles away, made a remote connection into my sister's laptop and checked various things out and said that nothing seemed to be out of whack ... no obvious threats.

 

So my sister finally called me again a while ago and said that after thinking it over and with her son having declared her laptop OK, she was going to nix the Windows reinstall.

 

Weather permitting, I'll be going over to my sister's house on Saturday.  I told her I'd give her laptop a good thorough checking out with not only Avast again, but also with the various other apps that I regularly use.  Like: AdwCleaner, JRT, MBAM, SAS, Dr. WebCureIt, Glary Utilities, CCleaner and Wise Care 365.




Edited by Toto_Too, 12 July 2017 - 08:59 PM.


#12 Toto_Too


Posted 12 July 2017 - 08:57 PM

Thanks for the additional links, jwoods.  Good stuff.  I certainly live by those 3 basic rules.  I keep my computer lean & mean.  However, it's tough to try and instill the approach of those 3 rules into people whose eyes immediately glaze over upon getting into any tech talk.  But, in talking to her, it sounded like she did learn some lessons, albeit the hard way.  I did stress --- do NOT EVER EVER EVER call any phone number that gets provided for supposed assistance like in this situation.  She did appear to have had her eyes opened to from now on being way more careful with what links she clicks on.  She said she was gonna stop taking those surveys and playing some little I guess ... games that pop up on Facebook.

 

And actually, before she called me the 2nd time yesterday, she remembered to call her son who is an IBM Engineer.  While her son is not a programmer or Software Engineer, but rather a Hardware Engineer, he does know more about computers and Windows 10 than I do.  Her son, who lives like 500 miles away, made a remote connection into my sister's laptop and checked various things out and said that nothing seemed to be out of whack ... no obvious threats.

 

So my sister finally called me again a while ago and said that after thinking it over and with her son having declared her laptop OK, she was going to nix the Windows reinstall.

 

Weather permitting, I'll be going over to my sister's house on Saturday.  I told her I'd give her laptop a good thorough checking out with not only Avast again, but also with the various other apps that I regularly use.  Like: AdwCleaner, JRT, MBAM, SAS, Dr. WebCureIt, Glary Utilities, CCleaner and Wise Care 365.



#13 jwoods301


Posted 12 July 2017 - 08:57 PM

Sure thing.

 

If you help people remotely, you might look into TeamViewer (free for personal use)...

https://www.teamviewer.com/en/

The person needing your help would just need to have the TeamViewerQS (Quick Support client), but there is nothing they need to install. It would simply need to be run when you need to connect.

See the blue Quick Support button on the TeamViewer page.

Tutorials and videos can be found here...

https://www.teamviewer.com/en/support/videos/
 

Looks like your post above "double posted".



#14 Crazy Cat


Posted 12 July 2017 - 08:58 PM

I can positively confirm that a similar scenario occurred approximately 2 months ago, to a woman who uses Facebook to get jobs (and promote) her business. The attacker extracted the IE browser passwords, a fake message popped up claiming to be from Facebook, and has "Detected a security violation" ring this number immediately.

When she telephoned the number, the male attacker claimed to be from Facebook. After, blah, blah, blah, blah, SHE GOT SUSPICIOUS OF THE STALLING TACTICS and hung up and called the police.

Police cybercrime unit instructed her to immediately power off the router first and then her laptop, and then immediately ring her bank and block her internet banking account.

The bank took her laptop for forensic analysis, AND FOUND THE FOLLOWING:

(1) malware extracting browser passwords

(2) malware was acting as proxy relay from her laptop

(3) the attacker(s) accessed her internet banking account through her laptop and IP

Toto_Too, Just Google: extracting browser passwords
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#15 Toto_Too


Posted 12 July 2017 - 09:17 PM

 

The IP address doesn't, but it can be spoofed, and also the MAC address... The computer could have been turned into a zombie one...

 

I think it's all a hoax. However if the attacker can/could access remotely with a remote control program allowed by the host, it won't be recognised as malware by malware fighters most probably.

 

You don't know what stuff was changed in the OS, so the best thing is a new install of the system. Reset the router and configure it again.

 

Also, she should change her phone number as the attacker might have identified it and could use it later to get something...

 

I disagree.

 

These kinds of drive-by exploits are attacks of convenience and rely on people panicking and allowing the rogues in by invitation.

 

Once that fails you virtually never hear from them again or see any effects.  This is almost 100% true if you didn't actually allow remote access to occur and nothing in the original post indicates that the hoax was not interrupted before any access to the machine was granted.

 

There is no point in piling one overreaction on top of another.

 

 

Britechguy ... as I mention on my 2nd comment (#4), unfortunately at some point my sister DID allow the scammer remote access to her laptop.  That or he just acquired remote access regardless of my sister's permission or not.  Either way, the scammer WAS snooping around in her laptop's files at some point while claiming he was from Microsoft.

 

That's why yesterday, I actually suggested to my sister just like Malwaredpc suggests --- I suggested that she change her Cellphone number.  I didn't like the idea of some Online nefarious person / hacker now very likely having the combo of my sister's FULL name from Facebook where the bad link was ... AND my sister's Cellphone number from when she called the bogus assistance phone number that came up on screen when her laptop was BLOCKED.  The way I saw it, while my sister's Cellphone number is not exactly a Social Security Number, it's still an important factor in the equation of possible identity theft.  So I told my sister that to be on the safe side, she should break that combo, that connection of THAT Cellphone number to her FULL name.  You know ... just in case.  We don't know with 100% certainty what could be on the mind of that scammer.

 

So, she said she was going to change her Cellphone number tomorrow.  She said that it was just as well anyway because as it was, in recent times she had already been getting way too many mysterious calls from known area codes.





