[olug] Fwd: [10.17.2016 34620193] Compromised Computer Notification from Cox Communications
Jason Troy
jason.troy at gmail.com
Tue Oct 18 09:45:29 CDT 2016
Joe,
Sounds like you might benefit from sniffing some network traffic to see
where the source host/adapter is located.
Good luck
-- JT
On Tue, Oct 18, 2016 at 9:36 AM, Joseph Gulizia <joseph.gulizia at gmail.com>
wrote:
> Virtual Machines...no.
> Guest WIFi users...no
> Laptop from work...no
>
> On Mon, Oct 17, 2016 at 6:52 PM, Rob Townley <rob.townley at gmail.com>
> wrote:
>
> > Any virtual windows machines?
> > Guest WiFi users running Windows?
> > Laptop borrowed from work?
> >
> > On Oct 17, 2016 4:10 PM, "Justin Reiners" <justin at hotlinesinc.com>
> wrote:
> >
> > Joesph,
> >
> >
> > FYI, when I was hacked years ago, they created a hidden user, make sure
> you
> > check /etc/passwd, and do a netstat -tulpn to see if there are any
> > unrecognized services running. What services does your infected box run?
> > are they running OK?
> >
> > feel free to contact me directly if you need any help with it.
> >
> > On Mon, Oct 17, 2016 at 4:05 PM, Joseph Gulizia <
> joseph.gulizia at gmail.com>
> > wrote:
> >
> > > Thanks. I'll give it a shot.
> > >
> > > Joe
> > >
> > > On Mon, Oct 17, 2016 at 4:04 PM, Justin Reiners <
> justin at hotlinesinc.com>
> > > wrote:
> > >
> > > > Joseph,
> > > >
> > > > rkhunter works well. its in the ubuntu repo
> > > >
> > > >
> > > > On Mon, Oct 17, 2016 at 4:02 PM, Joseph Gulizia <
> > > joseph.gulizia at gmail.com>
> > > > wrote:
> > > >
> > > > > Lou,
> > > > >
> > > > > These all appear to be Windows only fixes. I AM not running
> Windows.
> > > I
> > > > > have heard that rootkits can get on Linux systems, I want to know
> how
> > > to
> > > > > remove from them if need be.
> > > > >
> > > > > On Mon, Oct 17, 2016 at 1:34 PM, Lou Duchez <lou at paprikash.com>
> > wrote:
> > > > >
> > > > > > The good news about malware these days is, their goal isn't to
> > break
> > > > your
> > > > > > computer, just to hijack it. That means it may be fixable.
> > > > > >
> > > > > > I recommend:
> > > > > >
> > > > > > 1) Disconnect the offending (Windows, presumably) computer from
> the
> > > > > > Internet.
> > > > > >
> > > > > > 2) Download VIPRE Rescue onto a flash drive on another computer:
> > > > > >
> > > > > > https://www.vipreantivirus.com/support.aspx#vp-Rescue
> > > > > >
> > > > > > 3) Take the flash drive to the compromised computer and try to
> > > > disinfect
> > > > > > it.
> > > > > >
> > > > > > I haven't done battle with rootkits in a few years, but let VIPRE
> > > > Rescue
> > > > > > take a crack at it. If it can do its thing, and then a second
> scan
> > > > comes
> > > > > > back clean, you may well be fixed.
> > > > > >
> > > > > >
> > > > > > Also, a good utility to have is HiJackThis, a utility to let you
> > see
> > > > what
> > > > > > Windows is loading up, and more importantly you can tell Windows
> > what
> > > > to
> > > > > > stop loading:
> > > > > >
> > > > > > https://sourceforge.net/projects/hjt/
> > > > > >
> > > > > >
> > > > > >
> > > > > > Got one of these emails today. First one ever.
> > > > > >>
> > > > > >> Called Cox they said it's not spam.
> > > > > >>
> > > > > >> Interesting.
> > > > > >>
> > > > > >> Joe
> > > > > >>
> > > > > >> ---------- Forwarded message ----------
> > > > > >> From: Cox Customer Safety <abuse at cox.net>
> > > > > >> Date: Mon, Oct 17, 2016 at 8:52 AM
> > > > > >> Subject: [10.17.2016 34620193] Compromised Computer Notification
> > > from
> > > > > Cox
> > > > > >> Communications
> > > > > >> To: Me
> > > > > >>
> > > > > >>
> > > > > >> Dear Subscriber,
> > > > > >>
> > > > > >> Cox has identified that one or more of the computers in your
> home
> > > may
> > > > be
> > > > > >> infected with the Alureon / TDSS Virus.
> > > > > >>
> > > > > >> Viruses can take control of your PC and gather your personal
> > > > information
> > > > > >> such as passwords and credit card numbers, putting your data at
> > risk
> > > > > >>
> > > > > >> The following FREE security tools could help you detect and
> remove
> > > > > >> infections from your systems:
> > > > > >> The Microsoft Safety Scanner
> > > > > >> http://www.microsoft.com/security/scanner/
> > > > > >>
> > > > > >> Norton Power Eraser
> > > > > >> http://security.symantec.com/nbrt/npe.aspx
> > > > > >>
> > > > > >> Cox Security Suite Plus powered by McAfee is included FREE with
> > your
> > > > Cox
> > > > > >> High Speed Internet service. This software can be used to help
> > > > protect
> > > > > >> up-to 5 devices in your home, including Windows and Mac OS
> > > computers,
> > > > > and
> > > > > >> Android and Apple tablets and smartphones.
> > > > > >> To get started, simply browse to www.cox.com/securitysuite and
> > > login
> > > > > with
> > > > > >> your Cox primary User ID and Password.
> > > > > >> If you already have an Anti-virus solution installed, you should
> > > refer
> > > > > to
> > > > > >> your software manual before installing the Cox Security Suite.
> > > > > >>
> > > > > >> If you need additional support, Cox offers premium technical
> > support
> > > > at
> > > > > >> reasonable rates.
> > > > > >> Visit Cox Tech Solutions at https://secure.
> coxtechsolutions.com/
> > or
> > > > > call
> > > > > >> 877.TEC.SOLV (832.7658) to get started.
> > > > > >>
> > > > > >> If you would like additional information on the Alureon / TDSS
> > > Virus:
> > > > > >> http://www.microsoft.com/security/portal/threat/
> > > > > >> encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fAlureon.H
> > > > > >>
> > > > > >> If you have any questions regarding this matter, you may call
> Cox
> > > > > Customer
> > > > > >> Safety at 800-753-6085.
> > > > > >>
> > > > > >> Regards,
> > > > > >>
> > > > > >> Cox Customer Safety
> > > > > >> _______________________________________________
> > > > > >> OLUG mailing list
> > > > > >> OLUG at olug.org
> > > > > >> https://lists.olug.org/mailman/listinfo/olug
> > > > > >>
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > OLUG mailing list
> > > > > > OLUG at olug.org
> > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > >
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list