ISP Customer Security Assurance Notice


Many Internet Service Providers are cracking down on spam, Denial of Service, and phishing attempts across their networks. This is an effort to protect customers on the network, and to protect business interests reliant on the network for secure communications. Companies have implemented safeguards and other new programs to try to reduce the amount of traffic to known malicious IP addresses.

Comcast recently launched their Constant Guard notification program, which monitors network traffic for activity to known malicious IP addresses. After 5 hits, an automated email or voice mail is sent to the customer indicating: "The Constant Guard Service has identified one or more of your computers may be infected with a Bot (Virus)." Some customers may think the Constant Guard notification is a scam, but in fact, this is a global attempt to help customers protect their secure information, and a requirement as per most network providers' customer terms of use service agreements. In other words, ISPs actually have the right to turn off network connectivity to devices known to be participating in malicious activity, whether the end-user is aware of this activity or not.

Road Runner, Charter, Comcast, and others have disabled, and often will disable, Port 25 traffic for high levels of malicious activity. Port 25 is typically used for SMTP email, so the impact of such service changes depends on how a user checks their email and whether they use SSL or webmail.

Understanding A Bot:
Under these circumstances, a Bot is more the type of activity a virus is participating in rather than the actual type of virus itself, since multiple malicious entries will perform bot-like behaviour. A Constant Guard type notification or port 25 block can result from one of many issues such as:

  • Phishing.  Gathering information about your computer preferences, browsing, and applications and sending to a central server.
  • Key-Loggers.  Attempts to gather personal and important information by monitoring key-strokes, extracting information such as login IDs, passwords, SSNs, credit card numbers, etc. and sending it to a central server.
  • Rogue Security or Rogue AV.  Viruses providing fake scans and alerts to get you to purchase fraudulent system tool applications.
  • Backdoor Attacks (outbound)
  • Malformed Traffic (outbound)
  • Database Attacks (outbound)
  • Denial Of Service Attacks (DOS, and DDOS).  Using your computer to actively send DOS attacks to central servers, businesses, networks or government agencies.
  • Spam and Propagation (outbound)


FFsearcher Click Fraud Trojan Virus


FFsearcher and other related Click Fraud Viruses are viruses that hijack your internet search capability. Most often, these types of viruses will allow you to launch your browser and search with your most popular search engine (like Google), but the results you see will be hijacked and biased. So in many cases, it is hard to tell that you are actually infected. The search page will look just like a normal search result page, but the actual clickable links will be different and/or will redirect you to different, bogus websites rather than the site listed in the results. The normal checks of the Hosts file, HJT, and scanners such as MBAM will appear to be clean. You may notice the ‘auto-complete’ function changes as you type, to a popular search engine. [Read more...]


MBAM and other scans shutdown, rogue antivirus2010


I’ve seen 2 systems with what appears to be the same infection.

Initial Symptoms:
Malwarebytes and other scanning tools are shut down and admin permissions removed after launching.
Slow, unresponsive, and/or unstable.
Rogue Antivirus2010 Popups, etc. [Read more...]


Stuxnet Virus Detection and Removal


Stuxnet is a unique virus that has hit the ground running, globally. Research and some speculation indicate that this virus might have been developed specifically to target Iranian Power Production core systems, specifically in their nuclear program. This is evident by its geographical starting point, and expert examination of what the virus does once installed. Since its first appearance though, Stuxnet has gradually made its way around the globe and its presence is being noted in personal computers everywhere now. [Read more...]
