[olug] Fwd: [10.17.2016 34620193] Compromised Computer Notification from Cox Communications

Rob Townley rob.townley at gmail.com
Mon Oct 17 18:56:14 CDT 2016


Kaspersky describes a bootkit:

"A *bootkit* is a type of malware that infects the Master Boot Record
(MBR). This infection method allows the malicious program to be executed
before the operating system boots."  (Aug 28, 2013)

On Oct 17, 2016 6:52 PM, "Rob Townley" <rob.townley at gmail.com> wrote:

Any virtual windows machines?
Guest WiFi users running Windows?
Laptop borrowed from work?

On Oct 17, 2016 4:10 PM, "Justin Reiners" <justin at hotlinesinc.com> wrote:

Joseph,


FYI, when I was hacked years ago, they created a hidden user. Make sure you
check /etc/passwd, and do a netstat -tulpn to see if there are any
unrecognized services running. What services does your infected box run?
Are they running OK?

feel free to contact me directly if you need any help with it.

On Mon, Oct 17, 2016 at 4:05 PM, Joseph Gulizia <joseph.gulizia at gmail.com>
wrote:

> Thanks.  I'll give it a shot.
>
> Joe
>
> On Mon, Oct 17, 2016 at 4:04 PM, Justin Reiners <justin at hotlinesinc.com>
> wrote:
>
> > Joseph,
> >
> > rkhunter works well. It's in the Ubuntu repo.
> >
> >
> > On Mon, Oct 17, 2016 at 4:02 PM, Joseph Gulizia <
> joseph.gulizia at gmail.com>
> > wrote:
> >
> > > Lou,
> > >
> > > These all appear to be Windows-only fixes.  I AM not running Windows.  I
> > > have heard that rootkits can get on Linux systems; I want to know how to
> > > remove them if need be.
> > >
> > > On Mon, Oct 17, 2016 at 1:34 PM, Lou Duchez <lou at paprikash.com> wrote:
> > >
> > > > The good news about malware these days is, their goal isn't to break
> > > > your computer, just to hijack it. That means it may be fixable.
> > > >
> > > > I recommend:
> > > >
> > > > 1) Disconnect the offending (Windows, presumably) computer from the
> > > > Internet.
> > > >
> > > > 2) Download VIPRE Rescue onto a flash drive on another computer:
> > > >
> > > > https://www.vipreantivirus.com/support.aspx#vp-Rescue
> > > >
> > > > 3) Take the flash drive to the compromised computer and try to
> > > > disinfect it.
> > > >
> > > > I haven't done battle with rootkits in a few years, but let VIPRE
> > > > Rescue take a crack at it.  If it can do its thing, and then a second
> > > > scan comes back clean, you may well be fixed.
> > > >
> > > >
> > > > Also, a good utility to have is HiJackThis, a utility to let you see
> > > > what Windows is loading up, and more importantly you can tell Windows
> > > > what to stop loading:
> > > >
> > > > https://sourceforge.net/projects/hjt/
> > > >
> > > >
> > > >
> > > >> Got one of these emails today.  First one ever.
> > > >>
> > > >> Called Cox; they said it's not spam.
> > > >>
> > > >> Interesting.
> > > >>
> > > >> Joe
> > > >>
> > > >> ---------- Forwarded message ----------
> > > >> From: Cox Customer Safety <abuse at cox.net>
> > > >> Date: Mon, Oct 17, 2016 at 8:52 AM
> > > >> Subject: [10.17.2016 34620193] Compromised Computer Notification from
> > > >> Cox Communications
> > > >> To: Me
> > > >>
> > > >>
> > > >> Dear Subscriber,
> > > >>
> > > >> Cox has identified that one or more of the computers in your home may
> > > >> be infected with the Alureon / TDSS Virus.
> > > >>
> > > >> Viruses can take control of your PC and gather your personal
> > > >> information such as passwords and credit card numbers, putting your
> > > >> data at risk.
> > > >>
> > > >> The following FREE security tools could help you detect and remove
> > > >> infections from your systems:
> > > >> The Microsoft Safety Scanner
> > > >> http://www.microsoft.com/security/scanner/
> > > >>
> > > >> Norton Power Eraser
> > > >> http://security.symantec.com/nbrt/npe.aspx
> > > >>
> > > >> Cox Security Suite Plus powered by McAfee is included FREE with your
> > > >> Cox High Speed Internet service.  This software can be used to help
> > > >> protect up to 5 devices in your home, including Windows and Mac OS
> > > >> computers, and Android and Apple tablets and smartphones.
> > > >> To get started, simply browse to www.cox.com/securitysuite and log in
> > > >> with your Cox primary User ID and Password.
> > > >> If you already have an Anti-virus solution installed, you should refer
> > > >> to your software manual before installing the Cox Security Suite.
> > > >>
> > > >> If you need additional support, Cox offers premium technical support
> > > >> at reasonable rates.
> > > >> Visit Cox Tech Solutions at https://secure.coxtechsolutions.com/ or
> > > >> call 877.TEC.SOLV (832.7658) to get started.
> > > >>
> > > >> If you would like additional information on the Alureon / TDSS Virus:
> > > >> http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fAlureon.H
> > > >>
> > > >> If you have any questions regarding this matter, you may call Cox
> > > >> Customer Safety at 800-753-6085.
> > > >>
> > > >> Regards,
> > > >>
> > > >> Cox Customer Safety
> > > >> _______________________________________________
> > > >> OLUG mailing list
> > > >> OLUG at olug.org
> > > >> https://lists.olug.org/mailman/listinfo/olug
> > > >>
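The two checks Justin Reiners recommends in the thread (look through /etc/passwd for an account you did not create, and run netstat -tulpn for listeners you do not recognize) written out as a script. This is an added example, not code from the thread or from any of the tools it mentions. The passwd lines and the netstat output are constructed samples, and the sets of expected users and allowed ports are the example's own assumptions; against a real box you would read /etc/passwd and feed in the live `netstat -tulpn` output instead.

```python
import re

# Constructed sample passwd file: a plausible small system plus two planted
# oddities (a second UID-0 account and a duplicated UID).  Not from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
joe:x:1000:1000:Joe:/home/joe:/bin/bash
backup2:x:0:0::/var/tmp:/bin/sh
helpdesk:x:1000:1000::/home/helpdesk:/bin/bash
"""

# Constructed sample of `netstat -tulpn` output in the net-tools layout.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      933/cupsd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2871/.x
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
"""

# Shells that do not permit an interactive login.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def check_passwd(text: str, expected_users: set[str]) -> list[str]:
    """Scan passwd-format text and return a list of findings.

    Flags: a UID-0 account that is not root, two accounts sharing a UID, an
    empty password field, and an interactive-shell account that is not in the
    caller's list of users known to exist on the box.
    """
    findings: list[str] = []
    seen_uid: dict[int, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"line {lineno}: malformed entry ({len(fields)} fields)")
            continue
        name, pw, uid_s, _gid, _gecos, _home, shell = fields
        try:
            uid = int(uid_s)
        except ValueError:
            findings.append(f"{name}: non-numeric UID {uid_s!r}")
            continue
        if uid == 0 and name != "root":
            findings.append(f"{name}: UID 0 account that is not root")
        if uid in seen_uid:
            findings.append(f"{name}: shares UID {uid} with {seen_uid[uid]}")
        else:
            seen_uid[uid] = name
        if pw == "":
            findings.append(f"{name}: empty password field")
        if shell not in NOLOGIN_SHELLS and name not in expected_users:
            findings.append(f"{name}: interactive shell {shell} but not an expected user")
    return findings


# One listener line: proto, queues, local addr:port, foreign addr, optional
# State column (UDP sockets print none), then PID/Program name.
NETSTAT_RE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(?:LISTEN\s+)?(\S+)$"
)


def check_listeners(text: str, allowed_ports: set[int]) -> list[str]:
    """Return listeners whose local port is not in the allow list,
    formatted as 'proto addr:port pid/program'."""
    unexpected: list[str] = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue  # header lines
        proto, addr, port, prog = m.groups()
        if int(port) not in allowed_ports:
            unexpected.append(f"{proto} {addr}:{port} {prog}")
    return unexpected


if __name__ == "__main__":
    # The user and port allow lists are this example's assumptions; on a live
    # box, build them from what you know should be there.
    for f in check_passwd(SAMPLE_PASSWD, {"root", "joe"}):
        print("passwd:", f)
    for l in check_listeners(SAMPLE_NETSTAT, {22, 68, 631}):
        print("listener:", l)
```

The value of the allow lists is that they force you to say what belongs on the machine before looking; an account or a listening port that is not on the list is then a question to answer, not something to rationalize after the fact. The UID-0 and shared-UID checks catch the classic planted account regardless of what it is named.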