Most likely is that he has a simple password and it was simply hacked. I do not think the assistant is computer savvy enough to be behind any of this. Before killing chrome, I peaked at the user account settings, and the assistant's password had not been changed since January this year. Perhaps the assistant's computer is being hacked regularly and they were trying to get back in. Why? Since we are both in the same building, both our IPs would be in a similar IP range. The only thing I can think of is that one of the sites I clicked on ran code that automatically logged into Chrome using the property manager's assistant account. I confirmed with Event Viewer that no RDP sessions were running (last one was months ago).
I also checked my main service ports using grc.com and everything is in stealth mode. I downloaded MalwareBytes and ran a scan on my C drive with it and with Symantec. There is no way anyone had physical access unless they took the master key and came in while we were asleep, but that would have been really dumb. I checked my firewall router and RDP was still disabled to the server, plus this was the admin console and why would a hacker do something so obvious? I always lock my screen (old habit) when i leave my desk, even though only my wife and I live here - and one of us is almost always home.
I could not figure out how the heck the property manager's assistant could have logged onto my server and then why he would log into chrome. 115 on my server, but it looks like it just downloaded an update. I used task manager to kill chrome immediately and it all stopped. it was the account for my property manager's assistant (I live in a condo).
Then I noticed that it was logged into a Google account. Then, all of a sudden, Chrome starting flipping pages and I had a message that Chrome was downloading and installing something. I opened a few of the search results in tabs and starting going through them. Symantec is installed (12.1.5 - yes I know it is old) and only visit green WOT sites. I have a Windows 2012 Server hosting virtual machines, but yesterday I just wanted to do a quick search on mortar types and didn't log into a VM. Something weird happened yesterday morning and I am trying to get my head around it. If what I think might have happened, actually happened, then Chrome may not be secure: I posted this on Google yesterday but I think it deserves more visibility.
0 kommentar(er)
