On 09/07/2014 09:29 AM, Bat Phil wrote:
When you say you got an "alert" do you mean an e-mail or an instant
message type alert?
/snip/
On 7 September 2014 13:55, Mickey <binarynut@xxxxxxxxxxx> wrote:
Then as a Linux user it does not apply to me, or do I have to
remove it, and how?
On 09/06/2014 08:47 PM, Mark Bidewell wrote:
Interesting, I got an alert at 6:33PM. My PCs are OSX, Linux
Mint and SolydXK with assorted VMs. I'm scanning, but I wonder
if there is a malfunction as the bot detected was Windows
related. Go to: https://amibotted.comcast.net/. My output reads:
================
Bot Notes:
Threat behaviors: Downloads rootkits and steals sensitive
information.
Threat type (intent): Information Stealer (Information Theft &
Sublease tool).
Alternate names: W32.Rootkit /W32.Alureon/
W32.Renos/W32.TDSS/W32.DNSChanger
Threat behavior description:
The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is
a Master Boot Record (MBR) infector, targeting Microsoft Windows
systems. The latest TDL rootkit is currently Version 4, and
utilizes MBR hooking, a process that deceives a user by appearing
to have been initially deleted. Upon a system restart, the
rootkit/trojan is re-installed. This provides the remote attacker
highly persistent backdoors into victim systems. Public research
estimates the TDL/TDSS group to have been in operation since
mid-2008.
Observed traits:
The TDL/TDSS rootkit has been observed spreading via spam and
phishing e-mails. The observed stages of infection are as follows:
Infect a victim (Stage 1) via spam, drive-by-downloads, and
malicious attachments.
Wait idle until the Stage 2 Trojan is ready for download.
Load a rootkit Trojan (Stage 2).
Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
Infect other sites, allowing third-party access to sensitive
information.
Capabilities:
After an initial infection, the Stage 2 rootkit is normally
loaded via a fast-flux worm. Once the infection has passed to
Stage 3, various other threats (such as ZeusBot, Buzus, RogueAV,
PoisonIvy, etc.) may be installed and utilized by criminal
operators. The authors behind the RudeWarlockMob are members of a
professional criminal organization that also offers affiliate
funding to anonymous distribution providers, infection operators,
and other criminals.
Times Seen: 23
/snip/
I am not on Comcast, and I use Windows only occasionally, but the
question was not answered, to wit: how would someone tell if he had a
rootkit in Windows, and if he found out that he did, what would be the
most effective way to remove it, short of reinstalling the system, of
course? Preferably without paying for the privilege!
--doug
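One defender-side check for the MBR-infector behaviour the quoted bot notes describe, added here as an example (it is not code from the thread or from Comcast's tool): record a SHA-256 of the bootstrap code from a known-good disk, then re-read the first sector and compare it, also validating the 0x55AA signature and the partition table. The device paths in the comment, the constructed sample MBRs and the baseline hash are assumptions.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code area, before the disk signature field
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR

def read_mbr(device_path):
    # Assumed paths: Linux /dev/sda (needs root); Windows r"\\.\PhysicalDrive0" (needs admin)
    with open(device_path, "rb") as f:
        return f.read(MBR_SIZE)

def boot_code_hash(mbr):
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def partition_entries(mbr):
    # Four 16-byte entries at offset 446: status, CHS start, type, CHS end, LBA start, sector count
    entries = []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype:
            entries.append({"bootable": flag == 0x80, "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def check_mbr(mbr, baseline_hash):
    # Returns a list of findings; an empty list means the MBR matches the recorded baseline
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    bootable = [e for e in partition_entries(mbr) if e["bootable"]]
    if len(bootable) != 1:
        findings.append("expected one bootable partition, found %d" % len(bootable))
    return findings

def make_sample_mbr(boot_code):
    # Constructed sample: given bootstrap bytes, one bootable NTFS (type 0x07) entry, valid signature
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)

CLEAN_MBR = make_sample_mbr(b"\xeb\x3c\x90" + b"\x90" * 100)     # constructed stand-in for a known-good disk
BASELINE = boot_code_hash(CLEAN_MBR)                              # hash recorded while the system was clean
TAMPERED_MBR = make_sample_mbr(b"\xeb\x3c\x90" + b"\xcc" * 100)  # same layout, altered bootstrap code
```

Because the notes say the rootkit hooks MBR reads so that the infection appears deleted, run the comparison from a clean boot medium rather than from inside the suspect Windows install, where a hooked disk driver can return the original sector.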
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org