Constant Guard Service Alert

Mickey binarynut at comcast.net
Sun Sep 7 12:55:16 UTC 2014


Then, as a Linux user, does it not apply to me, or do I have to remove it, 
and how?




On 09/06/2014 08:47 PM, Mark Bidewell wrote:
> Interesting, I got an alert at 6:33 PM.  My PCs are OS X, Linux Mint and 
> SolydXK with assorted VMs.  I'm scanning, but I wonder if there is a 
> malfunction, as the bot detected was Windows-related.  Go to: 
> https://amibotted.comcast.net/.  My output reads:
>
> ================
>
> Bot Notes:
>
> Threat behaviors:  Downloads rootkits and steals sensitive information.
> Threat type (intent): Information Stealer (Information Theft & 
> Sublease tool).
> Alternate names: W32.Rootkit /W32.Alureon/ 
> W32.Renos/W32.TDSS/W32.DNSChanger
> Threat behavior description:
> The TDL/TDSS Gang (a.k.a. Tyler Durden Loader). The TDL rootkit is a 
> Master Boot Record (MBR) infector, targeting Microsoft Windows 
> systems. The latest TDL rootkit is currently Version 4, and utilizes 
> MBR hooking, a process that deceives a user by appearing to have been 
> initially deleted. Upon a system restart, the rootkit/trojan is 
> re-installed. This provides the remote attacker highly persistent 
> backdoors into victim systems. Public research estimates the TDL/TDSS 
> group to have been in operation since mid-2008.
>
> Observed traits:
> The TDL/TDSS rootkit has been observed spreading via spam and phishing 
> e-mails. The observed stages of infection are as follows:
>
> Infect a victim (Stage 1) via spam, drive-by-downloads, and malicious 
> attachments. Wait idle until the Stage 2 Trojan is ready for download.
> Load a rootkit Trojan (Stage 2).
> Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
> Infect other sites, allowing third-party access to sensitive information.
>
> Capabilities:
> After an initial infection, the Stage 2 rootkit is normally loaded via 
> a fast-flux worm. Once the infection has passed to Stage 3, various 
> other threats (such as ZeusBot, Buzus, RogueAV, PoisonIvy, etc.) may 
> be installed and utilized by criminal operators. The authors behind 
> the RudeWarlockMob are members of a professional criminal organization 
> that also offers affiliate funding to anonymous distribution 
> providers, infection operators, and other criminals.
>
> Times Seen: 23
>
>
>
> On Sat, Sep 6, 2014 at 8:02 PM, Anthony Messina <amessina at messinet.com 
> <mailto:amessina at messinet.com>> wrote:
>
>     On Saturday, September 06, 2014 06:39:46 PM Mickey wrote:
>     > Got an email from Comcast.net saying I have a bot on my computer,
>     > and how to eliminate it. Not so sure that I want to follow their
>     > directions.
>     >
>     > How would I determine if this is true using Linux? I have Fedora 20
>     > installed.
>
>     Maybe your neighbor's infected computer is borrowing your WiFi ;)
>
>     In short, don't forget about other devices that may be using your
>     internet
>     link such as mobile phones, tablets, TVs, etc.
>
>     --
>     Anthony - https://messinet.com/ -
>     https://messinet.com/~amessina/gallery
>     8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
>
>     --
>     users mailing list
>     users at lists.fedoraproject.org <mailto:users at lists.fedoraproject.org>
>     To unsubscribe or change subscription options:
>     https://admin.fedoraproject.org/mailman/listinfo/users
>     Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>     Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>     Have a question? Ask away: http://ask.fedoraproject.org
>
>
>
>
> -- 
> Mark Bidewell
> http://www.linkedin.com/in/markbidewell
>
>
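Anthony's point above, that the alert may be about some other device sharing the link, is the one thing a Linux user can actually check locally. As an added example (not from this thread and not Comcast's tooling), here is a POSIX shell snippet that parses the kernel's neighbour table, the output of `ip -4 neigh show`, and reports every host on the segment whose hardware address is not on a list of devices you know you own. The sample table, the interface name and the known-MAC list are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Lists every host the kernel currently
# sees on the local segment and flags the ones not on a known-device list, so
# phones, TVs, and a neighbour borrowing the WiFi are accounted for before
# trusting (or dismissing) an ISP "you have a bot" alert.

# Constructed sample of `ip -4 neigh show` output (interface name and
# addresses are made up). On a live Fedora box you would use:
#   SAMPLE_NEIGH=$(ip -4 neigh show)
SAMPLE_NEIGH='192.168.1.1 dev wlp3s0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlp3s0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.37 dev wlp3s0 lladdr aa:bb:cc:dd:ee:02 REACHABLE
192.168.1.99 dev wlp3s0  FAILED'

# Constructed, space-separated list of hardware addresses you know you own
# (router, laptop, phone). Fill this in from the devices you can put hands on.
KNOWN_MACS='00:11:22:33:44:55 aa:bb:cc:dd:ee:01'

# list_hosts NEIGH_TEXT: print "ip mac" for every resolved neighbour.
# Entries with no lladdr (FAILED / INCOMPLETE) never answered ARP and are
# skipped; the MAC is lower-cased so later comparisons are case-insensitive.
list_hosts() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "lladdr") print $1, tolower($(i + 1)) }'
}

# unknown_hosts NEIGH_TEXT KNOWN_MACS: the subset of list_hosts whose MAC is
# not in the known list, one "ip mac" per line. An empty result means every
# device the kernel has talked to recently is one you recognise.
unknown_hosts() {
    list_hosts "$1" | awk -v known="$2" '
        BEGIN {
            n = split(tolower(known), k)
            for (i = 1; i <= n; i++) seen[k[i]] = 1
        }
        !($2 in seen) { print }'
}

# count_unknown NEIGH_TEXT KNOWN_MACS: number of unrecognised hosts, handy as
# an exit-status style check in a cron job or a quick one-liner.
count_unknown() {
    unknown_hosts "$1" "$2" | wc -l | tr -d ' '
}

# Live usage: unknown_hosts "$(ip -4 neigh show)" "$KNOWN_MACS"
```

The neighbour table only holds hosts this machine has exchanged ARP with recently, so run it while the household is active, or ping the broadcast address first; a device that is on the WiFi but never talked to your box will not appear. An unrecognised MAC is a lead, not a verdict: the router's DHCP lease table (if you can reach its admin page) is the authoritative list of who has been handed an address.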
