Weird incident with a BB sd card and my home network. PLEASE?

Networking/Security Forums -> Computer Forensics and Incident Response

Author: Kel68 | Location: Dallas | Posted: Wed Nov 12, 2008 12:11 pm | Post subject: Weird incident with a BB sd card and my home network. PLEASE?
A friend of mine left their BlackBerry at my home and later called to tell me about some pics from a recent outing that were on it and asked if I would get them off.

The phone was uncharged so I got my little reader out, and removed the sd card and began to view. I was anxious to do so, because I had done this before and things turned weird - guess I needed a reality check. I had some unanswered questions. I reviewed the card and didn't see much on it, other than registry files - similar if not identical to Windows. Didn't think much at the time.

Two days later my entire network of 4 home computers was invaded with remote connections - I don't use them. It got crazy. I ran Wireshark and was being slammed, file structures, contents, etc. were being ravaged by..... what can only feel like a battle with someone over my desktop! ISP sent emails about the excessive bandwidth use, desktop changes, I had new roaming files never seen before, and it looked like handpicked files were being stored in odd locations with odd extensions I could not open. Large files. I feel like I was under attack, couldn't capture screenshots quick enough to validate my story really.

I have had training for this and am a current forensics student and honestly - I had no idea what to do to stop such an abrupt personal attack!! I ended up using FTK to image the card, and registry viewer. The structure of this card is no diff than a Windows registry - WITH the exception of many remote exe programs. - I actually saw the hardware on my computer change - as far as product type and many new drivers. It then took about a day before the rest of my family exp similar things.

My QUESTION - could this be some sort of planted virus, rootkit or something? I have had other incidents with this person and things like this seem to "happen" - but they claim computer newbie. Could it be normal and I triggered something that didn't mix with XP? I have explained to others and honestly, I think they think I am nuts. I would love to send the file structure off the registry viewer I got.

This is a new friend and I am wanting to be fair, but my gut - no matter how strange the incident is, tells me BAD NEWS. I almost feel like it is either something I handled wrong, or it is simply malicious as the attack on my comps at home felt like I was dealing with an exorcist. I don't do a lot of remote things, so need some feedback.

I feel like a victim with this, and because it is personal - am wanting to ease up on my basic instinct. Do people put things on these for this reason? Freak accident...........twice?! New fad?!?! Thanks for anything you can offer!

Moderator note: edited for formatting, break up into paragraphs - capi

Author: Maxhavoc | Posted: Wed Dec 03, 2008 8:42 pm | Post subject:
First lesson to learn: always perform a virus scan on any foreign media you insert into your computer.

This sounds like a mischief virus, something that isn't out for any reason other than to cause chaos and frustration. Format your computers, all of them. Format the SD card. Question the friend, see if he knew, if he did, ditch him and if he had a good BlackBerry, sell it for some extra cash as payment for the time you spent fighting fires.

Also, when your network is going haywire, first thing to do is unplug the network cable.

Author: ryansutton | Location: San Francisco, California | Posted: Thu Dec 04, 2008 12:31 am | Post subject:
I promise I will read your post if you promise to format it.

All times are GMT + 2 Hours