Wednesday, January 25, 2012

Infection


What a waste yesterday was!  I got the latest monthly bill from my Internet provider and my charges were unreasonably high compared to what I usually pay.  After putting in a call to them, I was told that it was all due to usage and that my upload was way over my normal limit for the month.

Now even though I've been cooped up most of the time since my transformation and I've spent a good deal of time researching on the Internet, I knew that there was no way that I'd generated that much upload traffic.  So I started to dig into my computers to see if something else was going on.

Now being that I'm an I.T. guy by profession -- sorry, I guess I should use a more gender-neutral term like "geek" now -- I'm very careful about security on my systems.  I have anti-virus and anti-spyware software running on both of the notebooks and the server on my network along with firewall software and a hardware firewall just to be sure.  Of course, I also realize that any system is susceptible to being breached no matter how tight the security is.

So it took me about an hour and a half of digging through logs, looking for unusual activity and unusual processes before I finally found something out of the ordinary.  Once I discovered it, I was able to Google it to find out more information.  It turned out to be a particularly nasty piece of spyware that was installed at the kernel level which seems to be why none of my detection software picked it up.  According to the information I found on it, it's a keylogger and screenlogger, which means it captures all keystrokes and even gets screenshots of anything I'm looking at on my screen.  And all of that is being uploaded behind the scenes to some remote FTP site that I couldn't track down, which explained why my upload traffic was so high this month, since it must have been constantly posting data.

As soon as I found the spyware, I disconnected all computers from my network to isolate them.  It turned out that both notebooks were infected.  Unfortunately there was no way I could find to remove the spyware adequately.  So I ended up spending the better part of the day reformatting and reinstalling both computers, along with all of my applications, and restoring all of my old data.  But since this was a keylogger, I also had to go through all of my personal and online accounts to change logins and passwords so the old ones couldn't be exploited.  Who knows who might have access to my passwords and accounts?

I really don't know how I could have gotten infected like this.  I'm very careful with attachments and websites, but I guess it's hard to keep track of all of the potential risks.  There's always new badness out there.

I thought that I was pissed off about the whole situation but, by comparison, Evan completely freaked out when I told him.  He'd called me up to see if I wanted to go out again.  While we were talking, I'd mentioned what I was going through and he got more upset than I've ever heard him.  I was a little taken aback at how strong his reaction was.  He kept going on about how I had to get rid of the spyware, even to the extent of suggesting that I buy a new computer, just to be sure.  I reassured him that I had everything under control and that I knew what I was doing, but he seemed to be questioning whether I'd be able to rid myself of the spyware entirely.  Even though he knows that I'm in I.T., I wonder if maybe he's being influenced by the stereotype of I.T. being a man's world.  Or maybe I'm just imagining things and he's really just worried about me.

I managed to talk him off the ledge, letting him know that everything was in good hands.  He eventually told me that he'd had issues with his bank card being compromised in the past, so he's always been cautious of exposing personal information.  He just wanted to make sure that this didn't happen to me. But even afterward, he seemed a little distant so I think it was still on his mind.

I've double-checked and everything's clean with my computers now.  But I just wish I knew where this could have come from in the first place.


