Well, less than two weeks on Uverse Internet (Gigapower) and a computer gets hacked. When I turned on the monitor this morning, I was not able to log into the user account or the administrator account. After I did a password reset, I logged in as administrator. When I looked at the start menu, a new program was installed: Advanced Mass Sender.
Of course I have changed all of the passwords, and fortunately there's not much of value on the machine, but I'm wondering whether AMS is used to send spam or whether it's grabbing files on my hard drive. What does the typical hacker do with AMS? I tried going through the logs to see what had been sent, but I was unable to find evidence of any emails actually going out. I didn't have time to go through everything, so I left the computer off until I have time to go through it with the Internet disconnected.
The computer was protected with a 13-character password that included symbols. The SMTP server in AMS was set to sbcglobal.net. Hopefully that SMTP server has a flood limit on sending emails. It appears that the program was installed at 6:20 AM. I found the problem before 7:00 AM. If I had not logged into the administrator account, I would not have seen the program.
My guess is that they got in through Remote Desktop Connection, which also has a 13-character password. The bad part about 1 Gb service is a lot more emails can be sent in the same amount of time as a slower service. I guess Gigapower users are targets for hackers because of the additional bandwidth. I'd heard there were more hackers on AT&T, but I dismissed it as a comment from a Time Warner customer who was unable to get Gigapower.
If you have any experience with AMS, I'd appreciate your recommendations for determining the extent of the hack. The computer was already pending retire, so I'll speed that up.
↧