Felt spied on at work and after two visits from security they are reimaging

0

I work for a very large school district. I logged in at work on my Dell PC one morning and see Ultra VNC twice in my Start menu.

But let's go back to the night before I saw those eyeballs in my Start menu. The night before I logged on to my desktop email on my iMac ... it is provided by Time Warner cable. To my shock I saw all of my work email, both "new" and "sent" ... starting about mid-afternoon that day. I never sent those emails to my personal cable account email on my iMac at home.

So, I call the cable company tech support and they tell me what to look for and where to look for it at work. Lo and behold, I see the eyeball in the green square in the Start menu, twice. I never knew the district had it. I had never seen it on my start menu and after asking to see the Start menus of at least ten colleagues... "Hey, can I see your Start menu...". Well, the spy only had eyes for me.

I call district IT, the guy comes out. No virus. Then I called the District IT Security Director, and he sends an email to like... six people, all directors.

Four days later... as in today another tech comes out... a different guy this time... and he does a complete reimaging and reinstall. He doesn't tell me much. He doesn't check for a virus. He doesn't check for anything. The only thing I could get out of him was...

"Well, the bottom line here is either you opened it or someone sat here and opened it after an unsuccessful attempt to remote access your computer. Or they sat here and did something malicious and wanted to make it seem like it came from you. Or they put it on your computer thinking that would be how it works. Regardless, somebody got in and that's pretty tough because they would need to know your password, but there is no way we will be able to find out." ... Seriously?

Is there any hope that the Security Director is looking and found something wrong? Because in his email he tells those other people to do a system check, and if needed send a guy to reimage. They sent that guy today.

Do you have any thoughts?

Spied On At Work

Posted 2016-04-08T04:56:23.667

Reputation: 11

Question was closed 2016-04-11T17:37:02.637

4 What is the question? – Ron Maupin – 2016-04-08T05:04:30.567

Agreed, what is the question? If I were an IT director, and one of the machines I oversee got some unauthorized spy software on it, then a re-imaging would be a good way to clean it off your system. Sounds like you may have gotten some malware on the computer, which might have installed UltraVNC. This infection could have been done while your account is logged in, and doesn't necessarily indicate that anyone else knows your password. The work-E-Mails-at-home thing is rather unclear; maybe someone tried to BCC your E-Mails and botched the job. Maybe you are being scrutinized, maybe not. – TOOGAM – 2016-04-08T05:38:12.017

In the IT world, we call this a nuke-and-pave. 99% of the time it's the only way to be certain that a virus, hack, or whatever is truly gone. I hope he also reset your password. They may have remotely scanned your computer and found something, or just decided it didn't warrant more investigation; you should call the security director tomorrow. – SilverbackNet – 2016-04-08T08:54:50.000

You got hacked, they did what you expected and fixed it. Given the narrative, you're being paranoid about the wrong people. At this point, you are a liability to the security of your school district's computers. Your security practices need to come up to par if you want to continue the relationship. – Fiasco Labs – 2016-04-11T17:01:10.697

Answers

2

Your district IT security may be worried about the recent reports of ransomware locking up the files of institutions such as hospitals. If one computer on the network becomes infected by ransomware, it can be used as part of a botnet to infect the other computers on the network and hold their maliciously encrypted files for a ransom payable in Bitcoins too.

To prevent this from happening the Security Director suggested reimaging the hard drive. Given the high cost of paying a ransom to unencrypt maliciously encrypted files and the resulting scandal, this doesn't seem unreasonable to me.

The spying activity may be a smoke screen created by hackers to disguise their true intentions, which may go beyond mere spying.

karel

Posted 2016-04-08T04:56:23.667

Reputation: 11 374