Constant Guard Service Alert
Mickey
binarynut at comcast.net
Sun Sep 7 12:55:16 UTC 2014
Then as a Linux user it does not apply to me, or do I have to remove it,
and how?
On 09/06/2014 08:47 PM, Mark Bidewell wrote:
> Interesting, I got an alert at 6:33PM. My PCs are OSX, Linux Mint and
> SolydXK with assorted VMs. I'm scanning, but I wonder if there is a
> malfunction as the bot detected was Windows related. Go to:
> https://amibotted.comcast.net/. My output reads:
>
> ================
>
> Bot Notes:
>
> Threat behaviors: Downloads rootkits and steals sensitive information.
> Threat type (intent): Information Stealer (Information Theft &
> Sublease tool).
> Alternate names: W32.Rootkit /W32.Alureon/
> W32.Renos/W32.TDSS/W32.DNSChanger
> Threat behavior description:
> The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is a
> Master Boot Record (MBR) infector, targeting Microsoft Windows
> systems. The latest TDL rootkit is currently Version 4, and utilizes
> MBR hooking, a process that deceives a user by appearing to have been
> initially deleted. Upon a system restart, the rootkit/trojan is
> re-installed. This provides the remote attacker highly persistent
> backdoors into victim systems. Public research estimates the TDL/TDSS
> group to have been in operation since mid-2008.
>
> Observed traits:
> The TDL/TDSS rootkit has been observed spreading via spam and phishing
> e-mails. The observed stages of infection are as follows:
>
> Infect a victim (Stage 1) via spam, drive-by-downloads, and malicious
> attachments. Wait idle until the Stage 2 Trojan is ready for download.
> Load a rootkit Trojan (Stage 2).
> Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
> Infect other sites, allowing third-party access to sensitive information.
>
> Capabilities:
> After an initial infection, the Stage 2 rootkit is normally loaded via
> a fast-flux worm. Once the infection has passed to Stage 3, various
> other threats (such as ZeusBot, Buzus, RogueAV, PoisonIvy, etc.) may
> be installed and utilized by criminal operators. The authors behind
> the RudeWarlockMob are members of a professional criminal organization
> that also offers affiliate funding to anonymous distribution
> providers, infection operators, and other criminals.
>
> Times Seen: 23
>
>
>
> On Sat, Sep 6, 2014 at 8:02 PM, Anthony Messina <amessina at messinet.com> wrote:
>
> On Saturday, September 06, 2014 06:39:46 PM Mickey wrote:
> > Got an email from Comcast.net, saying I have a Bot on my Computer, and
> > how to eliminate it. Not so sure that I want to follow their directions.
> >
> > How would I determine if this is true using Linux? I have Fedora 20
> > installed.
>
> Maybe your neighbor's infected computer is borrowing your WiFi ;)
>
> In short, don't forget about other devices that may be using your
> internet
> link such as mobile phones, tablets, TVs, etc.
>
> --
> Anthony - https://messinet.com/ -
> https://messinet.com/~amessina/gallery
> 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
>
>
>
> --
> Mark Bidewell
> http://www.linkedin.com/in/markbidewell
>
>
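Two checks a Fedora user can run locally before deciding whether an alert like this applies to their own machine or to something else behind the same connection: inspect which resolvers the host is actually using (the alert lists W32.DNSChanger among the alternate names, and resolver hijacking is that family's visible symptom) and list the other devices currently on the LAN, which is Anthony's point about phones, tablets and TVs sharing the link. This is an added example written for this thread, not something posted by any of the participants or provided by Comcast. It assumes a Fedora-style /etc/resolv.conf and the iproute2 `ip neigh` command; the expected-resolver range, the sample resolv.conf and the sample neighbour table are all constructed data.

```python
import re
import subprocess
from ipaddress import ip_address, ip_network

# Constructed sample of /etc/resolv.conf on a home network whose resolver
# has been pointed at a server outside the LAN (fabricated addresses).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.77
"""

# Constructed sample of `ip -4 neigh show` output (fabricated addresses).
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev wlp3s0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlp3s0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.31 dev wlp3s0 lladdr cc:dd:ee:ff:00:11 REACHABLE
192.168.1.40 dev wlp3s0  FAILED
"""

# Assumption: on this network the only legitimate resolver is the home
# router, so anything outside the LAN range deserves a second look.
EXPECTED_RESOLVERS = [ip_network("192.168.1.0/24")]


def unexpected_nameservers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return nameserver entries from resolv.conf text that fall outside
    the expected networks (or cannot be parsed as an address)."""
    suspicious = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line.startswith("nameserver"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ip_address(parts[1])
        except ValueError:
            suspicious.append(parts[1])  # unparsable entry: flag it as-is
            continue
        if not any(addr in net for net in expected):
            suspicious.append(str(addr))
    return suspicious


# One line of `ip neigh` output: "<ip> dev <iface> [lladdr <mac>] <state>"
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>\S+))?\s+(?P<state>\S+)$"
)


def lan_devices(ip_neigh_text):
    """Parse `ip neigh` output into (ip, mac, state) tuples for entries that
    resolved to a hardware address; FAILED/INCOMPLETE rows are skipped."""
    devices = []
    for line in ip_neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m or m.group("mac") is None:
            continue
        devices.append((m.group("ip"), m.group("mac"), m.group("state")))
    return devices


if __name__ == "__main__":
    # Live run on the local host: read the real resolver config and the
    # kernel's IPv4 neighbour table.
    with open("/etc/resolv.conf") as fh:
        print("unexpected nameservers:",
              unexpected_nameservers(fh.read()) or "none")
    neigh = subprocess.run(["ip", "-4", "neigh", "show"],
                           capture_output=True, text=True, check=False).stdout
    for ip, mac, state in lan_devices(neigh):
        print(f"{ip:15} {mac}  {state}")
```

A clean result here only says this Fedora host is not the one using a rewritten resolver; it says nothing about the Windows machines, VMs or phones in the neighbour list, which all share the public address Comcast saw the traffic from. Adjust EXPECTED_RESOLVERS to whatever your router or ISP legitimately hands out, otherwise the check will flag your own configuration.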