Network Drama

Kinja'd!!! "TheRealBicycleBuck" (therealbicyclebuck)
08/18/2017 at 10:42 • Filed to: None

Kinja'd!!!0 Kinja'd!!! 9
Kinja'd!!!

No, not that kind!

I received an e-mail from my ISP last night:

“Dear Subscriber,

[We have] identified that one or more of the computers behind your cable modem are likely infected with the Zeus Trojan/bot, also known as Zbot.

While this malicious software is not new, it still poses a great risk to your computer and files that reside on your hard drive.

Zeus malware uses keylogging in order to access user names and passwords and infected over 13 million computers worldwide.

We recommend you take the following action:”

This letter reeks of a phishing scheme, so I went to their website and looked up the support page they linked to in the letter (I didn’t click on their link, I searched for it on their site). That part was legit, so I pressed on.

To me, their letter suggests that one or more of the computers in my home network is infected and that they detected network traffic going back to the command/control server associated with this bot. So, I got to work. I started by scanning the four active systems on my network. Then I started digging through the network logs for unusual activity. Several hours later... nothing. No evidence. Nada. Zip.

So I contact them first thing this morning. I figured they have seen network activity that indicates an infection and that it is somehow slipping through the logs or I’m not recognizing it for what it is. I start with an online chat. I ask them to take a look at their logs and see if there’s been any activity in the last 12 hours. They tell me to install their version of Norton Anti-virus. I tell them I already have anti-virus tools and don’t need their version. They insist. I say no. They ask me to call instead of chat.

So I called.

I spoke with a tech and explained the situation. I asked her to take a look at the logs. She asked me to install their anti-virus software. What? No. I already have what I need. I ask what they saw in the network traffic to indicate that one of my systems is infected. She says that they haven’t detected anything coming out of my network. I ask what prompted them to send that e-mail. It’s pretty clear from the wording that something “behind” my cable modem is showing signs of being infected.

Um, no.

What they meant by “behind” my cable modem is their network, not mine. They have NO evidence that anything in my network is infected. That’s a relief! But what is going on here?

It turns out that they are just fishing, trying to get their subscribers to install some protection. Laudable goal, terrible implementation.

I decided to rewrite their letter for them. Here’s how I think it should go:

“Dear Subscriber,

We have a number of subscribers who have not installed any form of anti-virus software and have detected activity from the Zeus Trojan/bot, also known as Zbot, on our network.

While this malicious software is not new, it still poses a great risk to your computer and files that reside on your hard drive if your system is not protected. To protect our customers and our network, we provide free anti-virus software which you can download at the links below.

This makes it clear that the ISP’s network is compromised and that subscribers have access to free tools to protect themselves.

Watch out Oppo. They’re watching you.


DISCUSSION (9)


Kinja'd!!! BaconSandwich is tasty. > TheRealBicycleBuck
08/18/2017 at 10:48

Kinja'd!!!0

Who’s your ISP?


Kinja'd!!! TheRealBicycleBuck > BaconSandwich is tasty.
08/18/2017 at 10:49

Kinja'd!!!0

Cox.


Kinja'd!!! Rust and Dust - Oppositelock Forever > TheRealBicycleBuck
08/18/2017 at 10:51

Kinja'd!!!2

Cox Communications pulled that same trick with me about a year ago.


Kinja'd!!! R Saldana [|Oo|======|oO|] - BTC/ETH/LTC Prophet > TheRealBicycleBuck
08/18/2017 at 11:12

Kinja'd!!!0

lol at users who use software for anti-virus/malware.

Please to using an old computer for a pfsense router and use an appliance as your antivirus.

I like trapping incoming malware and DNS attcks in a neverending pit of fake IP addresses.


Kinja'd!!! TheRealBicycleBuck > R Saldana [|Oo|======|oO|] - BTC/ETH/LTC Prophet
08/18/2017 at 11:31

Kinja'd!!!0

I have a network appliance behind the modem and all content is routed through another system so I can monitor traffic.

The biggest danger to our network is the two school-issued laptops the kids bring home every day. I have a secondary network just for those.


Kinja'd!!! PS9 > TheRealBicycleBuck
08/18/2017 at 11:32

Kinja'd!!!2

Not very friendly in the digital age.


Kinja'd!!! Maxima Speed > TheRealBicycleBuck
08/18/2017 at 12:00

Kinja'd!!!0

Is that Arielle Vandenburg? Oh wait I just admitted to watching vines........


Kinja'd!!! Chariotoflove > TheRealBicycleBuck
08/18/2017 at 13:47

Kinja'd!!!1

Lousy way to try and strong-arm customers. People rarely understand the need for protection. When I was at Umich, the IT department had a custom connectivity bundle installed that would install everything you need to get on their network, including anti-virus software. They made it easy, and it worked. That’s the only way. Make it easy.


Kinja'd!!! R Saldana [|Oo|======|oO|] - BTC/ETH/LTC Prophet > TheRealBicycleBuck
08/18/2017 at 14:47

Kinja'd!!!1

that DMZ tho :)