Skip to main content

TIFU by inadvertently installing a Trojan on my work PC

Obligatory not today, but it blew up in my face not too long ago. It's gonna be a long story so hang tight.

Back when COVID was still a menace, people were losing jobs, I was fortunate enough to be hired as a permanent staff for a BPO (Business Process Outsourcing) company. Basically being assigned to complete tasks on behalf of mainly-IT clients. Best thing was, we had our own workstations so no need to share places with others. Funnily enough, the company assigned 1 staff as the IT guy. You heard it, ONE.

I was looking for passive income apps to supplement my income. The setup-and-forget ones which surprisingly do work, and one of them was having to install an app that rents out your Internet bandwidth/ mobile data for cash. After all, we have an abundance of them so why not earn a few bucks along the way?

I won't say the name, but you'll find out from a simple Google search.

Now that's when I fucked up big time. Having installed them on my phones and home desktop, I decided to do it on my workstation as well. Remembered the company only hired 1 person to handle the IT matters? As the workstations are setup to prompt for a password whenever a new or unknown apps is installed, the same password has been shared around and he likely couldn't discourage the password sharing since security was so lax.

Hence, it was running for roughly 2 years without any issues (or so I thought) so I could get those few extra pennies. Also, the antivirus never triggered any alarm since such app typically do not perform any mining activities.

Fast forward to this year (Q2). I was minding my own business when suddenly the PM called me to the meeting room. Sitting inside were a few IT staffs from another branch, including the one from mine. Something was definitely about to go down. Then one of them asked, "Have you heard of this (passive app)?".

My heart sank. Told them yes and the reason I installed it and how long it was there.

They: "Are you aware that this thing is a Trojan horse?"

FUCK.

Me: "I was never aware of it being one. It simply rents out those extra bandwidth for some extra cash. That's what it has been doing on my personal devices for a few years now. Never had any issues."

So I showed them the website and the contents while explaining the concept of bandwidth renting. Different clients utilize the bandwidth as a cloud-service for their business goals.

They: "Well, the reason why we called you here was because we received notifications that this app has been breaching our network security with malicious requests/ attacks tracing back to your PC. Some malicious actors have decided to utilize our network resources for their own agenda"

Me: "So within these two years, when did the alerts start showing up?"

They: "Roughly 1 month back" \proceeded to show me the logs with my name clearly in CAPS, and the mitigated attacks directed towards our client's network**

At that point, I had nothing left to say. The onus was on me. Should have never used the company's resources for personal gain, let alone installed such thing. After the meeting concluded, the staffs took photos of my workstation as evidence. Afterward, I uninstalled it on my personal devices and desktop.

I apologized profusely to the PM and my coworkers. The PM pulled me aside and expressed his disappointment in my actions, but would try to fight for my case as we were on good terms. Just be prepared, he told me.

The day after, and the company's show cause letter appears in my inbox. I penned one reply expressing my naivety and regret over my actions and sent it back. It's just a matter of time before I could lose my job.

Another few days go by and the verdict finally was in. I would NOT be fired, but issued a warning letter instead. Thanked my lucky stars, and swore to never install those shit again. Crisis averted.

TL;DR: Installed a passive money making app on my work PC which turned out to be "malicious", company security got involved and I nearly got fired.

Labels:

Comments

Post a Comment

Popular posts from this blog

TIFU - Don’t do what I did

On Sunday morning Aug. 24th, I awoke to discover a large blind spot in my right eye, which turned out to be what is called wet age-related macular degeneration (AMD). It has resulted in a very significant, permanent loss of vision in that eye. Although I maintain good peripheral vision, whatever I focus on at best is very blurry, and mostly disappears. I can barely make out the large E at the top of the eye chart. If this happens to my left eye I’ll be unable to read or drive. It turns out that I missed the opportunity that I had to prevent this from becoming a serious problem because I failed to report what appeared to be minor changes in my vision. In the weeks prior to August I had noticed that what I knew to be straight lines appeared to my right eye to have a little waviness. I also noticed that the color of my front lawn, which I could see through the window from my recliner,  was subdued, looked almost gray, in my right eye. So I scheduled an eye exam, which revealed the p...
Post a Comment
Read more

TIFU by getting suspended for 2 days by my front office in school.

I (13M) am an African American student at Jeannette junior high who had got suspended for 2 days here. I was in math class minding my business until my teacher had told me to go to the main office, which posed no problem to me. As i went down there, the people of the front office had stopped me and made me get a new ID (yes, we have id's.) so i had asked them if i could maybe do a different alternative and call my mother to let her bring the Id here, even then, the Id isn't that important. So, although i was talking to them in a calm manner and not showing any signs of rebellion, they had threatened to call the police on me without thinking twice before calling my parents. This is where i started getting angry, and even then now the black peers agree that could have been a racially motivated action. They then told me to sit in the office conference room because of that, leading into more anger. They had then called my mother who had came over to the school didn't even let ...
Post a Comment
Read more

TIFU by putting my already skinny jeans in the dryer on high heat.

TL;DR: Was stupid and didn't realize I put my clothes on extra high heat in the dryer. Had to rock skintight skinny jeans all day with tighty whities (only clean pair I had since I procrastinate doing laundry like crazy). I guess the constant wedgies and squishing are punishment for my stupidity. Honestly don’t know who else to blame but myself for this. I’m a scatterbrained guy so I literally put the highest setting on a load with most of my clothes, and my skinny jeans that I was planning to wear today. You can probably already see where this is going, but somehow I didn’t. For context, these jeans were already pushing the limits of what could reasonably be called wearable. They fit, technically, but only in the sense that I could get them on with enough determination and a bit of strategic breathing. Sitting down in them was more of a commitment than a casual action. Still, they looked good, and I had convinced myself that discomfort was just part of the aesthetic. So this m...
Post a Comment
Read more