Re: Constant Guard Service Alert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 09/07/2014 09:29 AM, Bat Phil wrote:
When you say you got an "alert" do you mean an e-mail or an instant message type alert?

/snip/

On 7 September 2014 13:55, Mickey <binarynut@xxxxxxxxxxx <mailto:binarynut@xxxxxxxxxxx>> wrote:

    Then as a Linux user it does not apply to me or do I have to
    remove it and How ?




    On 09/06/2014 08:47 PM, Mark Bidewell wrote:
    Interesting, I got an alert at 6:33PM.  My PCs are OSX, Linux
    Mint and SolydXK with assorted VMs.  I'm scanning, but I wonder
    if there is a malfunction as the bot detected was Windows
    related.  Go to: https://amibotted.comcast.net/.  My output reads:

    ================

    Bot Notes:

    Threat behaviors:  Downloads rootkits and steals sensitive
    information.
    Threat type (intent): Information Stealer (Information Theft &
    Sublease tool).
    Alternate names: W32.Rootkit /W32.Alureon/
    W32.Renos/W32.TDSS/W32.DNSChanger
    Threat behavior description:
    The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is
    a Master Boot Record (MBR) infector, targeting Microsoft Windows
    systems. The latest TDL rootkit is currently Version 4, and
    utilizes MBR hooking, a process that deceives a user by appearing
    to have been initially deleted. Upon a system restart, the
    rootkit/trojan is re-installed. This provides the remote attacker
    highly persistent backdoors into victim systems. Public research
    estimates the TDL/TDSS group to have been in operation since
    mid-2008.

    Observed traits:
    The TDL/TDSS rootkit has been observed spreading via spam and
    phishing e-mails. The observed stages of infection are as follows:

    Infect a victim (Stage 1) via spam, drive-by-downloads, and
    malicious attachments.Wait idle until the Stage 2 Trojan is ready
    for download.
    Load a rootkit Trojan (Stage 2).
    Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
    Infect other sites, allowing third-party access to sensitive
    information.

    Capabilities:
    After an initial infection, the Stage 2 rootkit is normally
    loaded via a fast-flux worm. Once the infection has passed to
    Stage 3, various other threats (such as ZeusBot, Buzus, RogueAV,
    PoisonIvy, etc.) may be installed and utilized by criminal
    operators. The authors behind the RudeWarlockMob are members of a
    professional criminal organization that also offers affiliate
    funding to anonymous distribution providers, infection operators,
    and other criminals.

    Times Seen: 23


/snip/

I am not on comcast, and I use Windows only occasionally, but the question was not answered, to wit: how would someone tell if he had a rootkit in windows, and if he found out that he did, what would be the most effective way to remove it, short of reinstalling the system, of course. Preferably without
paying for the privilege!

--doug
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org




[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux