tankman1989
This is a serious threat to people who have broadband. The mindset of ISP employees is lackadaisical and dangerous. Please read this as you should be informed of my situation and I need opinions as to what to do.
I have a new broadband service provider (DSL) and I have been having problems with the connection speed dropping to .1Mbps and having to reboot the modem. On my 5th call to tech support I had an agent who asked me to download a special file from their server. It was supposed to be a large file and they would just see how long it took to download. I typed in the URL as he said it and when I found that it ended in .scr I told him that I wouldn't download it.
I asked him if he had ever heard of viruses in scr files and he said "never". I told him that I worked as the AV admin for a number of large companies for at least 3 years and had encountered hundreds of viruses that came from .scr files or were still hidden in scr files. That is the only reason I know the extension. This young lad became irritated, rude and semi-belligerent when I refused to download the file. He told me that the reason I had viruses was because I was using some cheap consumer AV, lol. I said "oh really". It was amazing how he knew what products I supposedly administered. I then asked him what AV software his company used and he said Symantec Corp. I chuckled and said he needs to read up on his Enterprise AV solution reviews. I actually worked for 3 companies that used Symantec Corp as their AV program and found them woefully inadequate. I installed Sophos and Eset in replacement and found thousands of viruses on one company's network.
In fact, in one small company in Rancho Santa Fe, California (40 mins North East of San Diego), I found an average of 146 viruses/trojans/spyware/worms/malware per machine when I installed Eset in replacement of Symantec Corp (and Eset was 1/3 the price and 1/4 the resource requirements!). So after the 50+ machines were scanned I had a very large task of cleaning the computers. THANK YOU SYMANTEC! There were hundreds of .scr viruses on this network.
After I explained to him about my AV experience he insisted that it was impossible for them to get a virus for they are an ISP. There is no way an ISP could have a virus in the file that 500-600 people download on a weekly basis. I laughed. I asked him if he knew if Symantec or McAfee ever had viruses; he said he didn't think so. I told him he was wrong. He said "why would this file be infected, that is ridiculous". Ah, the ignorance and arrogance. That would be the exact file to infect if you wanted to spread the virus, as 500-600 people download and execute it each week! If your AV program warns you, you will just say "OK" because it is "trusted".
Well, he got really mad and told me that he could no longer help me. He wouldn't forward me to a supervisor either. I asked his name and his supervisor's name. I asked for him to have his supervisor call me. He never forwarded the message.
I asked this kid if he knew what ADS or Alternate Data Streams are. He said no. I gave a brief description and said they are used to hide files and they are given a name that seems non-malicious. You could have a filename.txt.exe; the .exe is the ADS, and it is present in any NTFS filesystem. I told him he needs to respect his customers' wishes when they do not want to download files that are not 100% safe and secure, ESPECIALLY when they have an AV administration background and know mountains more about virus hiding and propagation than they. He gave me more lip and told me it was impossible for them to have a virus. I had enough at this point and gave up.
**** I can't believe I forgot about this. I didn't necessarily correlate this with my typing of the URL, but it was a strange coincidence.***********
About 10 mins after I ended the call, Sophos picked up a trojan in my Windows32 directory with a .scr extension. I took a screen shot of it to show tech support at a later date if they even cared.
********
I called back the next day and spoke to the boy's manager. He didn't seem too concerned. I don't know what to do. If this is the attitude towards security then they are in for a fall. I don't want my network getting trashed because some 18 yr old is lazy and lets in a virus to their network and infects all their customers. The manager said that he would listen to the recording and talk to the employee. I want to know the outcome and am going to follow up.
I want this taken to their CIO because I want to know why they are sending an executable file to their customers if this is simply a speed test. It doesn't make sense. Should I download the file and post it on an AV board to see if someone can look into it and dissect it? I am thinking there may be more than meets the eye here. Also, what about an op-ed to the paper? I think people should know the mindset of their ISP.
Who should I contact at this company and how should I approach it? Am I going overboard on this or is this a legitimate complaint and concern? What are your thoughts and opinions?
Thanks for any opinions you may have.