Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 22 Oct 2014, 02:42
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Possible botnet - received notice from AT&T (SOLVED)
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
yarddog


Joined: 30 Nov 2009
Posts: 187
Location: Great Smoky Mountains, TN USA

PostPosted: Thu 02 Jun 2011, 14:19    Post_subject:  Possible botnet - received notice from AT&T (SOLVED)  

I received following from my ISP:
Quote:
IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”

We have evidence which indicates that a computer accessing the Internet via your Internet connection may be infected with malicious software such as a virus or worm.

Our investigation shows that the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network which is possibly a Botnet.

Date: (UTC) => Your IP:
2011-05-30 22:00:24 =>

IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.

We realize that in some cases this may be normal activity if you are running an IRC server, but in order to protect yourself and others, we recommend that you scan every system that utilizes your internet connection with up to date Anti-virus software.

To address this problem, and in accordance with the terms of service and acceptable use policy of your service agreement, we ask that you immediately take the following steps to secure your network:

1. If your computer(s) are managed by an Information Technology (IT) group at your place of work, then contact them immediately.

2. AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity. https://pccheck.att.com/index.aspx?RID=AG

i am running puppy 431 full install on sda1, lucid 525 full install on sda2 and dpup 485 full install on sda3

hp pent4, 2.8 ghz, intel 82865g graphics controller, 2gb memory

have tried reformatting partitions with gparted and reloading software and still getting this notice from isp

use xchat as irc client

since i am running linux, i cannot download and run the scan tool that att suggests as it is a .exe file

what product(s) are available for me to run in linux to get rid of this problem

appreciate any suggestions

thanks
yarddog

Edited_times_total
Back to top
View user's profile Send_private_message 
James C


Joined: 26 Mar 2009
Posts: 5856
Location: Kentucky

PostPosted: Thu 02 Jun 2011, 17:17    Post_subject: Re: Possible botnet - received notice from AT&T  

yarddog wrote:
I received following from my ISP:
Quote:
IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”

We have evidence which indicates that a computer accessing the Internet via your Internet connection may be infected with malicious software such as a virus or worm.

Our investigation shows that the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network which is possibly a Botnet.

Date: (UTC) => Your IP:
2011-05-30 22:00:24 =>

IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.

We realize that in some cases this may be normal activity if you are running an IRC server, but in order to protect yourself and others, we recommend that you scan every system that utilizes your internet connection with up to date Anti-virus software.

To address this problem, and in accordance with the terms of service and acceptable use policy of your service agreement, we ask that you immediately take the following steps to secure your network:

1. If your computer(s) are managed by an Information Technology (IT) group at your place of work, then contact them immediately.

2. AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity. https://pccheck.att.com/index.aspx?RID=AG

i am running puppy 431 full install on sda1, lucid 525 full install on sda2 and dpup 485 full install on sda3

hp pent4, 2.8 ghz, intel 82865g graphics controller, 2gb memory

have tried reformatting partitions with gparted and reloading software and still getting this notice from isp

use xchat as irc client

since i am running linux, i cannot download and run the scan tool that att suggests as it is a .exe file

what product(s) are available for me to run in linux to get rid of this problem

appreciate any suggestions

thanks
yarddog


I received the same message a couple of times here....it appears to me to be some type of a scam.

Just to be safe I did scan my Linux boxes, I use the BitDefender Rescue cd, but didn't find anything out of the norm.
http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso

HTH.
Back to top
View user's profile Send_private_message 
yarddog


Joined: 30 Nov 2009
Posts: 187
Location: Great Smoky Mountains, TN USA

PostPosted: Thu 02 Jun 2011, 20:42    Post_subject: Re: Possible botnet - received notice from AT&T  

James C wrote:


I received the same message a couple of times here....it appears to me to be some type of a scam.

Just to be safe I did scan my Linux boxes, I use the BitDefender Rescue cd, but didn't find anything out of the norm.
http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso

HTH.


i downloaded the rescue-cd.iso and tried to run

i have three linux partitions plus storage partition on hard drive

how do i tell bit defender which partition to scan???

i tried to run scan and received many, many permission denied messages

appreciate your help

thanks
yarddog
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Mon 06 Jun 2011, 11:17    Post_subject:  

Do you have a wireless router someone could be tapped into?

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
bigpup


Joined: 11 Oct 2009
Posts: 5233
Location: Charleston S.C. USA

PostPosted: Mon 06 Jun 2011, 12:00    Post_subject:  

AT&T does not send out notices like this.
This is a scam!!
Trying to get you to download and install a botnet or something worse.
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Mon 06 Jun 2011, 12:36    Post_subject:  

bigpup wrote:
Trying to get you to download and install a botnet or something worse.


If you go to the web page, how about telling if you think it is a genuine att.com site?

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 06 Jun 2011, 13:21    Post_subject:  

Even if it is a genuine site that could still be them using it and them have injected script that take you to their scam site that also looks exactly like the right one.

So these guys are very clever.

I also are very skeptical to that ATT send out such.

Do google search on the text and the url to see if others also has had these warnings.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
yarddog


Joined: 30 Nov 2009
Posts: 187
Location: Great Smoky Mountains, TN USA

PostPosted: Mon 06 Jun 2011, 21:30    Post_subject:  

Bruce B wrote:
Do you have a wireless router someone could be tapped into?

~


no wireless-
dsl cable modem only that is turned off when computer is off

yarddog
Back to top
View user's profile Send_private_message 
yarddog


Joined: 30 Nov 2009
Posts: 187
Location: Great Smoky Mountains, TN USA

PostPosted: Mon 06 Jun 2011, 21:43    Post_subject:  

bigpup wrote:
AT&T does not send out notices like this.
This is a scam!!
Trying to get you to download and install a botnet or something worse.


looks pretty realistic to me -
following is complete message received

WARNING NOTICE from AT&T Internet Services Security Center
Wednesday, June 1, 2011 11:42 AM
From:
"AT&T Internet Services Security Center" <abuse@att.net>
Add sender to Contacts

my email address omitted

IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”

We have evidence which indicates that a computer accessing the Internet via your Internet connection may be infected with malicious software such as a virus or worm.

Our investigation shows that the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network which is possibly a Botnet.


Date: (UTC) => Your IP:
2011-05-30 22:00:24 =>

IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.

We realize that in some cases this may be normal activity if you are running an IRC server, but in order to protect yourself and others, we recommend that you scan every system that utilizes your internet connection with up to date Anti-virus software.

To address this problem, and in accordance with the terms of service and acceptable use policy of your service agreement, we ask that you immediately take the following steps to secure your network:

1. If your computer(s) are managed by an Information Technology (IT) group at your place of work, then contact them immediately.

2. AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity. https://pccheck.att.com/index.aspx?RID=AG

3. If your computer(s) are personally owned, then update the security software on your system (follow the instructions on your vendor's website). You might also consider installing new security software such as AT&T Security Suite. http://www.att.net/iss (You must be logged in with the Master Account ID to download AT&T Security Suite).

4. If you are an advanced user, then consider reimaging your computer(s) and installing the necessary software patches. For less advanced users, this can be done by a third party such as AT&T Connect Tech. https://remotesupport.att.com/index.aspx AT&T Computer consultants trained to clean infected machines might also be located in your area (you can search at yp.com).

5. In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: "I am taking steps to address this infection." When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. We welcome feedback on what removal tools or method were used.

Below are some additional sites you can visit for tools or information:

Microsoft Systems Anti-virus:
http://www.microsoft.com/security_essentials/

Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx

Apple Systems Anti-virus:
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

We also recommend you run anti-spyware application, like Malwarebytes Anti-Malware or Spybot:
http://malwarebytes.org/mbam.php
http://www.safer-networking.org/en/index.html


Regards,
AT&T Internet Services Security Center
abuse@att.net

SAFETY NOTE: We have included links in this email as a convenience. Please note that it is always safer to copy and paste URLs included in email directly into your browser to reach the referenced site.

85aqb58dd0b15179d86b6b1b5ed5962x

i have three email addresses with yahoo.com
one is on windows machine
two on puppy partitions on different pc
1 email with gmail.com, also on different pc

i only get this message to the email account that was set up when dsl modem installed on the windows machine...
please note that message indicates possibly coming from irc connection..... i use xchat only and only on linux machines

thanks
yarddog

Edited_time_total
Back to top
View user's profile Send_private_message 
yarddog


Joined: 30 Nov 2009
Posts: 187
Location: Great Smoky Mountains, TN USA

PostPosted: Mon 06 Jun 2011, 21:48    Post_subject:  

nooby wrote:
Even if it is a genuine site that could still be them using it and them have injected script that take you to their scam site that also looks exactly like the right one.

So these guys are very clever.

I also are very skeptical to that ATT send out such.

Do google search on the text and the url to see if others also has had these warnings.


results of search on text -


WARNING NOTICE from AT&T Internet Services Security Center- PHISHING EMAIL!!!
Options
* Report Inappropriate Content

10-22-2010 11:31:39 AM

Below is a copy of an email I received from "AT&T Internet Services Security Center" . I was not able to find any posting regarding this and so I called AT&T's internet tech support at 1-877-722-3755 to verify that this is in fact bogus email. Tech support said that: 1) AT&T will never link to third party websites - AT&T links to within their own website; 2) "From" email address is not legit!. I hope this info makes it easier on the next person who tries seaching this subject.....here is the email in it's entirety:

see above for complete email

thanks for suggestion
yarddog
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0915s ][ Queries: 11 (0.0077s) ][ GZIP on ]