Re: Constant Guard Service Alert

Interesting, I got an alert at 6:33PM.  My PCs are OSX, Linux Mint and SolydXK with assorted VMs.  I'm scanning, but I wonder if there is a malfunction as the bot detected was Windows related.  Go to: https://amibotted.comcast.net/.  My output reads:

================

Bot Notes: 

Threat behaviors:      Downloads rootkits and steals sensitive information.
Threat type (intent):    Information Stealer (Information Theft & Sublease tool).
Alternate names:     W32.Rootkit /W32.Alureon/ W32.Renos/W32.TDSS/W32.DNSChanger
Threat behavior description:
The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is a Master Boot Record (MBR) infector, targeting Microsoft Windows systems. The latest TDL rootkit is currently Version 4, and utilizes MBR hooking, a process that deceives a user by appearing to have been initially deleted. Upon a system restart, the rootkit/trojan is re-installed. This provides the remote attacker highly persistent backdoors into victim systems. Public research estimates the TDL/TDSS group to have been in operation since mid-2008.

Observed traits:
The TDL/TDSS rootkit has been observed spreading via spam and phishing e-mails. The observed stages of infection are as follows:

Infect a victim (Stage 1) via spam, drive-by-downloads, and malicious attachments.
Wait idle until the Stage 2 Trojan is ready for download.
Load a rootkit Trojan (Stage 2).
Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
Infect other sites, allowing third-party access to sensitive information.

Capabilities:
After an initial infection, the Stage 2 rootkit is normally loaded via a fast-flux worm. Once the infection has passed to Stage 3, various other threats (such as ZeusBot, Buzus, RogueAV, PoisonIvy, etc.) may be installed and utilized by criminal operators. The authors behind the RudeWarlockMob are members of a professional criminal organization that also offers affiliate funding to anonymous distribution providers, infection operators, and other criminals.

Times Seen: 23



On Sat, Sep 6, 2014 at 8:02 PM, Anthony Messina <amessina@xxxxxxxxxxxx> wrote:
On Saturday, September 06, 2014 06:39:46 PM Mickey wrote:
> Got an email from Comcast.net, saying I have a Bot on my Computer, and how to
> eliminate it. Not so sure that I want to follow their directions.
>
> How would I determine if this is true using Linux? I have Fedora 20
> installed.

Maybe your neighbor's infected computer is borrowing your WiFi ;)

In short, don't forget about other devices that may be using your internet
link such as mobile phones, tablets, TVs, etc.

--
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org




--
Mark Bidewell
http://www.linkedin.com/in/markbidewell
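Anthony's point is that the device behind the alert may not be one of your own PCs at all. One practical way to act on that from a Fedora box, before spending time scanning the Linux machines themselves, is to look at which devices have recently talked to your host on the local link and compare them with the ones you recognise. The script below is an added example, not code from anyone in this thread: it reads the kernel neighbour table in the layout of /proc/net/arp and prints every resolved entry whose hardware address is not on an allowlist. The KNOWN_MACS list, the function name unknown_neighbours and the sample table are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): flag devices on the local link whose
# hardware (MAC) address you do not recognise, using the kernel neighbour table.
# Assumed/constructed: the KNOWN_MACS allowlist and the sample table below.

# Constructed allowlist: hardware addresses of the devices you own (lowercase).
KNOWN_MACS="aa:bb:cc:dd:ee:01 aa:bb:cc:dd:ee:02"

# unknown_neighbours < table
# Reads a neighbour table in /proc/net/arp layout on stdin:
#   IP address  HW type  Flags  HW address  Mask  Device
# and prints "IP MAC" for every resolved entry (Flags 0x2) whose MAC is not
# in KNOWN_MACS. Incomplete entries (Flags 0x0, all-zero MAC) are skipped,
# and MAC case is normalised so AA:BB and aa:bb compare equal.
unknown_neighbours() {
    awk -v known="$KNOWN_MACS" '
        BEGIN {
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) ok[tolower(k[i])] = 1
        }
        NR > 1 && $3 == "0x2" && !(tolower($4) in ok) { print $1, tolower($4) }
    '
}

# Constructed sample table in /proc/net/arp layout. On a real host run:
#   unknown_neighbours < /proc/net/arp
SAMPLE_TABLE=$(cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        wlan0
192.168.1.20     0x1         0x2         AA:BB:CC:DD:EE:02     *        wlan0
192.168.1.77     0x1         0x2         de:ad:be:ef:00:42     *        wlan0
192.168.1.90     0x1         0x0         00:00:00:00:00:00     *        wlan0
EOF
)

# With the sample data this prints the one unrecognised device:
#   192.168.1.77 de:ad:be:ef:00:42
printf '%s\n' "$SAMPLE_TABLE" | unknown_neighbours
```

The neighbour table only lists hosts that have exchanged traffic with this machine recently, so an idle device may not appear; for the full picture, the DHCP lease list on the router is the authoritative source. An unexpected entry is a reason to look closer at that device, not proof that it is the infected one.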