No Flash involved
Unfortunately I have come across this little blighter twice. Two seperate MAC's with the same unauthorised Proxy sitting on the network filtering away.
However this little bugger had convinced the MAC that there were no OS or software updates available for the last couple of years. Everything was fine, even with Sophos antivirus installed, it wasna working.
How was it done ?
Something took over DHCP side of the WiFi component ! Badda Boom !
All search results were being manipulated.
Trying to update Sophos returned no results via it's software.
Searching for Sophos with Google on Safari brought in dead pages with the links pointing to more search results, or Sophos pages where the links are all dead.
Meanwhile, accessing eMails and Internet shopping trips were unaffected
Clever stuff ????
I fixed the devils by dishing out fixed IP addresses for the devices and deleting the Proxy configurations and clearing caches of the browsers and temp directories on the systems. The bugger just disappeared on both devices and hasn't returned yet. Updating to the latest OS releases may have prevented re infection.
I get the feeling it was a router compromise in teh first place as the logs had all vanished. A Talk Talk router on one system and Virgin Media router on the other. Sadly I am not experienced enough to know for sure how this happened in the first place. It was aided and abetted by the User's indifference/lack of technical know how, when it comes to maintaining a device properly, or even just running anti virus software.
So many end users are in the same boat I fear.
Biting the hand that feeds IT
