Crypte Locker and Botnets and ATT
Had a fight with Cryptolocker...client had to pay the ransom as no backups...
Next day I get this email from ATT....
So my question is this...
1. Is this a legitimate ATT email...???
2. I am assuming the botnet is coming from the laptop I was getting decrypted as the
time indicated in the email is when Crypto was de-crypting the data...
3. So I am assuming that while Crypto was de-crypting they were also installing
a botnet...
My first post on this Crypto issue....
https://www.experts-exchange.com/questions/28297517/Crypto-Locker-help.html
Appreciate any help, thoughts and ideas...
Thanks
Steve
Sent from
AT&T IISS Network Security [netsec@att.net]
(I have deleted my IP address in the email...but the IP address ATT states in the email is my correct IP)
Content-Type: multipart/alternative; boundary="boundary-696481"
Message-Id: <mailbox-5096-1385055410-4
Date: Thu, 21 Nov 2013 12:36:50 -0500
MIME-Version: 1.0
--boundary-696481
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding:
Important computer safety notice from AT&T Internet Services Security Center - Bot Traffic Detected
Site ID: 062284680
Primary Account Holder: AT&T Uverse customer
Dear AT&T Uverse customer (Primary Account Holder),
AT&T has received information indicating that a device using your Internet connection may be infected with malicious software.
Internet traffic consistent with an infection was observed at Wed,
20 Nov 2013 12:29:58 +0000 from the IP address 1xx.2xx.1xx.xx. Our records indicate that this IP address was assigned to you at this time.
The information indicates that your Internet connection was being used to provide DNS services to a zombie computer network, also known as a Botnet. Infection details:
Type: Ransomware
Source port: 55946
Destination IP: 87.xx.xx.229
Destination port: 80
Botnets are networks of compromised computers under the control of a hacker or group of hackers. Botnets are often used to conduct various attacks ranging from denial of service attacks on websites, to spamming, click fraud, and distribution of malicious software.
To address this problem we ask that you immediately take the following steps to secure your network:
1. If your computer(s) are managed by an Information Technology
(IT) group at your place of work, then contact them
immediately.
2. AT&T offers a free online scan tool PC Health Check that will
scan for virus/spyware activity at https://pccheck.att.com/.
3. If your computer(s) are personally owned, then update the
security software on your system (follow the instructions on
your vendor's website). You might also consider installing new
security software such as AT&T Security Suite; see
http://www.att.net/iss. (You must be logged in with the Master
Account ID to download AT&T Security Suite).
4. If you are an advanced user, then consider reimaging your
computer(s) and installing the necessary software patches. If
you prefer, this can be done by a third party such as AT&T
Connect Tech; see https://remotesupport.att.com/index.aspx.
AT&T Computer consultants trained to clean infected machines
may also be located in your area.
5. In all cases, please respond by forwarding this email to
abuse@att.net with an acknowledgement of: ?I am taking steps to
address this infection.? When we receive such an
acknowledgment, we can maintain the high quality of service you
expect from us. We welcome feedback on what removal tools or
methods were used.
Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to http://www.corp.att.com/aup.
Below are some additional sites you can visit for tools or
information:
* AT&T PC Health Check: https://pccheck.att.com/
* Microsoft Security Essentials:
http://www.microsoft.com/security_essentials/
* Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/
* OS X Gatekeeper: http://support.apple.com/kb/HT5290
We also recommend you run anti-spyware application, like Malwarebytes Anti-Malware or Spybot:
* http://malwarebytes.org/mbam.php
* http://www.safer-networking.org/en/index.html
Regards,
AT&T Internet Services Security Center
DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, ?the Software?). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or
software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.
?2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Privacy Policy (Updated 06-29-13)
--boundary-696481
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><title>I
<style></style>
</head>
<table bgcolor="#ededed" width="100%" border="0">
<tr>
<td style="padding: 30" align="center">
<center>
<table class="html_email_containe
<tr>
<td style="font: 20px Verdana;height:42; padding: 15px 0 0 15px;">
<a href="http://www.att.com/" style="color:#067ab4 !important"><img src="http://www.att.com/Common/images/email/service/emaillogo.gif" width="91" height="42" border="0"></a>
<img src="http://www.att.com/Common/images/email/service/email1_attorange.jpg" width="590" height="11" border="0">
<table width="590">
<tr>
<td valign="top" style="padding: 15px 0 0 15px">
<div style="font: normal 24px Verdana; color: #fc7500; background-color: #ffffff;">Important computer safety notice from AT&T Internet Services Security Center - Bot Traffic Detected</div>
</td>
</tr>
</table>
<table width="590">
<tr>
<td valign="top" align="right" style="padding: 15px 0 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:11px"><st
<strong>Primary Account Holder: AT&T Uverse customer</strong>
</td>
</tr>
</table>
<table width="590">
<tr>
<td valign="top" style="padding: 15px 15px 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:11px"><st
<br>
AT&T has received information indicating that a device using your Internet connection
may be infected with malicious software. Internet traffic consistent with an infection was observed at Wed, 20 Nov 2013 12:29:58 +0000 from
the IP address 108.237.111.32. Our records indicate that this IP address was assigned to you at this time.
<br><br>
The information indicates that your Internet connection was being used to provide DNS services to a
zombie computer network, also known as a Botnet. Infection details:
<br><br>
Type: Ransomware<br /> Source port: 55946<br /> Destination IP: 87.xx.xx.229<br /> Destination port: 80<br><br>
Botnets are networks of compromised computers under the control of a
hacker or group of hackers. Botnets are often used to conduct various
attacks ranging from denial of service attacks on websites, to
spamming, click fraud, and distribution of malicious software.
<br><br>
To address this problem we ask that you immediately take the following
steps to secure your network:
<ol>
<li>If your computer(s) are managed by an Information Technology (IT)
group at your place of work, then contact them immediately.
<li>AT&T offers a free online scan tool PC Health Check that will scan
for virus/spyware activity at <a style="color:#067ab4; text-decoration: none;" href="https://pccheck.att.com/">https://pccheck.att.com/</a>.
<li>If your computer(s) are personally owned, then update the security
software on your system (follow the instructions on your vendor's
website). You might also consider installing new security software such
as AT&T Security Suite; see <a style="color:#067ab4; text-decoration: none;" href="http://www.att.net/iss">http://www.att.net/iss</a>. (You must be logged in
with the Master Account ID to download AT&T Security Suite).
<li>If you are an advanced user, then consider reimaging your
computer(s) and installing the necessary software patches. If you prefer,
this can be done by a third party such as AT&T Connect
Tech; see <a style="color:#067ab4; text-decoration: none;" href="https://remotesupport.att.com/index.aspx">https://remotesupport.att.com/index.aspx</a>. AT&T Computer
consultants trained to clean infected machines may also be located in
your area.
<li>In all cases, please respond by forwarding this email to
<a style="color:#067ab4; text-decoration: none;" href="mailto:abuse@att.net
this infection.”</i> When we receive such an acknowledgment, we can
maintain the high quality of service you expect from us. We welcome
feedback on what removal tools or methods were used.
</ol>
<P>Although the activity is likely unintentional, it is still in violation
of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use
Policy, go to <a style="color:#067ab4; text-decoration: none;" href="http://www.corp.att.com/aup/">http://www.corp.att.com/aup</A>.</P>
<P><strong>Below are some additional sites you can visit for tools or information:</strong></P>
<ul>
<li>AT&T PC Health Check:
<a style="color:#067ab4; text-decoration: none;" href="https://pccheck.att.com/">https://pccheck.att.com/</A>
<li>Microsoft Security Essentials:
<a style="color:#067ab4; text-decoration: none;" href="http://www.microsoft.com/security_essentials/">http://www.microsoft.com/security_essentials/</a>
<li>Microsoft Safety Scanner:
<a style="color:#067ab4; text-decoration: none;" href="http://www.microsoft.com/security/scanner/">http://www.microsoft.com/security/scanner/</a>
<li>OS X Gatekeeper:
<a style="color:#067ab4; text-decoration: none;" href="http://support.apple.com/kb/HT5290">http://support.apple.com/kb/HT5290</a>
</ul>
<P>We also recommend you run anti-spyware application, like Malwarebytes
Anti-Malware or Spybot:
<ul>
<li><a style="color:#067ab4; text-decoration: none;" href="http://malwarebytes.org/mbam.php">http://malwarebytes.org/mbam.php</a>
<li><a style="color:#067ab4; text-decoration: none;" href="http://www.safer-networking.org/en/index.html">http://www.safer-networking.org/en/index.html</a>
</ul>
</p>
<P>Regards,</P>
<P>AT&T Internet Services Security Center</P>
</td>
</tr>
<tr>
<td valign="top" style="padding: 0 15px 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:11px">
<br>
<strong>DISCLAIMER: </strong>
The information above contains links to software by
third-party vendors (hereafter, “the Software”). AT&T is
not responsible for support or assistance for any of the
Software. If you need support or assistance with any of the
Software, please contact the Software's vendor directly.
AT&T is unable to provide a warranty or guarantee, either
expressed or implied, for any of the Software. You will be
responsible for your own system software and system security
and not hold AT&T, its partners, agents or affiliates liable
for any costs or damages whatsoever (including, without
limitation, damages to access system, hardware and/or
software) to your computer as a result of installing or
using any of the Software. You also understand that use of
all hardware and/or software must comply with the AT&T Acceptable Use Policy.
</td>
</tr>
<tr>
<td valign="top" style="padding: 15px 15px 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:9px">
<strong>Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.</strong></font>
</td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table width="592" style="border: 0; border-collapse:collapse; text-align:left">
<tr>
<td style="padding: 0 0 0 10px">
<div style="font-size:10px; line-height: 150%; font-family: Verdana; color: #656565;">
<a href="http://att.com/Trademark-Copyright-Privacy-Policy" title="AT&T Intellectual Property" style="color:#067ab4; text-decoration: none;">©2013 AT&T Intellectual Property</a>. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
<br>
<a href="http://att.com/privacy" title="Privacy" style="color:#067ab4; text-decoration: none;">Privacy Policy</a> <span style="font-size:10px; font-family: Verdana; color: #FF0000;"> (Updated 06-29-13)</span>
</div><img src="http://www.att.com/Common/images/email/Transactional_email/Spacer_White_1px.GIF" width="1" height="1"><br>
</td>
</tr>
</table>
<br>
<br>
<br>
</td>
</tr>
</table>
</center>
</html>
--boundary-696481--
Next day I get this email from ATT....
So my question is this...
1. Is this a legitimate ATT email...???
2. I am assuming the botnet is coming from the laptop I was getting decrypted as the
time indicated in the email is when Crypto was de-crypting the data...
3. So I am assuming that while Crypto was de-crypting they were also installing
a botnet...
My first post on this Crypto issue....
https://www.experts-exchange.com/questions/28297517/Crypto-Locker-help.html
Appreciate any help, thoughts and ideas...
Thanks
Steve
Sent from
AT&T IISS Network Security [netsec@att.net]
(I have deleted my IP address in the email...but the IP address ATT states in the email is my correct IP)
Content-Type: multipart/alternative; boundary="boundary-696481"
Message-Id: <mailbox-5096-1385055410-4
Date: Thu, 21 Nov 2013 12:36:50 -0500
MIME-Version: 1.0
--boundary-696481
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding:
Important computer safety notice from AT&T Internet Services Security Center - Bot Traffic Detected
Site ID: 062284680
Primary Account Holder: AT&T Uverse customer
Dear AT&T Uverse customer (Primary Account Holder),
AT&T has received information indicating that a device using your Internet connection may be infected with malicious software.
Internet traffic consistent with an infection was observed at Wed,
20 Nov 2013 12:29:58 +0000 from the IP address 1xx.2xx.1xx.xx. Our records indicate that this IP address was assigned to you at this time.
The information indicates that your Internet connection was being used to provide DNS services to a zombie computer network, also known as a Botnet. Infection details:
Type: Ransomware
Source port: 55946
Destination IP: 87.xx.xx.229
Destination port: 80
Botnets are networks of compromised computers under the control of a hacker or group of hackers. Botnets are often used to conduct various attacks ranging from denial of service attacks on websites, to spamming, click fraud, and distribution of malicious software.
To address this problem we ask that you immediately take the following steps to secure your network:
1. If your computer(s) are managed by an Information Technology
(IT) group at your place of work, then contact them
immediately.
2. AT&T offers a free online scan tool PC Health Check that will
scan for virus/spyware activity at https://pccheck.att.com/.
3. If your computer(s) are personally owned, then update the
security software on your system (follow the instructions on
your vendor's website). You might also consider installing new
security software such as AT&T Security Suite; see
http://www.att.net/iss. (You must be logged in with the Master
Account ID to download AT&T Security Suite).
4. If you are an advanced user, then consider reimaging your
computer(s) and installing the necessary software patches. If
you prefer, this can be done by a third party such as AT&T
Connect Tech; see https://remotesupport.att.com/index.aspx.
AT&T Computer consultants trained to clean infected machines
may also be located in your area.
5. In all cases, please respond by forwarding this email to
abuse@att.net with an acknowledgement of: ?I am taking steps to
address this infection.? When we receive such an
acknowledgment, we can maintain the high quality of service you
expect from us. We welcome feedback on what removal tools or
methods were used.
Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to http://www.corp.att.com/aup.
Below are some additional sites you can visit for tools or
information:
* AT&T PC Health Check: https://pccheck.att.com/
* Microsoft Security Essentials:
http://www.microsoft.com/security_essentials/
* Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/
* OS X Gatekeeper: http://support.apple.com/kb/HT5290
We also recommend you run anti-spyware application, like Malwarebytes Anti-Malware or Spybot:
* http://malwarebytes.org/mbam.php
* http://www.safer-networking.org/en/index.html
Regards,
AT&T Internet Services Security Center
DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, ?the Software?). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or
software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.
?2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Privacy Policy (Updated 06-29-13)
--boundary-696481
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><title>I
<style></style>
</head>
<table bgcolor="#ededed" width="100%" border="0">
<tr>
<td style="padding: 30" align="center">
<center>
<table class="html_email_containe
<tr>
<td style="font: 20px Verdana;height:42; padding: 15px 0 0 15px;">
<a href="http://www.att.com/" style="color:#067ab4 !important"><img src="http://www.att.com/Common/images/email/service/emaillogo.gif" width="91" height="42" border="0"></a>
<img src="http://www.att.com/Common/images/email/service/email1_attorange.jpg" width="590" height="11" border="0">
<table width="590">
<tr>
<td valign="top" style="padding: 15px 0 0 15px">
<div style="font: normal 24px Verdana; color: #fc7500; background-color: #ffffff;">Important computer safety notice from AT&T Internet Services Security Center - Bot Traffic Detected</div>
</td>
</tr>
</table>
<table width="590">
<tr>
<td valign="top" align="right" style="padding: 15px 0 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:11px"><st
<strong>Primary Account Holder: AT&T Uverse customer</strong>
</td>
</tr>
</table>
<table width="590">
<tr>
<td valign="top" style="padding: 15px 15px 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:11px"><st
<br>
AT&T has received information indicating that a device using your Internet connection
may be infected with malicious software. Internet traffic consistent with an infection was observed at Wed, 20 Nov 2013 12:29:58 +0000 from
the IP address 108.237.111.32. Our records indicate that this IP address was assigned to you at this time.
<br><br>
The information indicates that your Internet connection was being used to provide DNS services to a
zombie computer network, also known as a Botnet. Infection details:
<br><br>
Type: Ransomware<br /> Source port: 55946<br /> Destination IP: 87.xx.xx.229<br /> Destination port: 80<br><br>
Botnets are networks of compromised computers under the control of a
hacker or group of hackers. Botnets are often used to conduct various
attacks ranging from denial of service attacks on websites, to
spamming, click fraud, and distribution of malicious software.
<br><br>
To address this problem we ask that you immediately take the following
steps to secure your network:
<ol>
<li>If your computer(s) are managed by an Information Technology (IT)
group at your place of work, then contact them immediately.
<li>AT&T offers a free online scan tool PC Health Check that will scan
for virus/spyware activity at <a style="color:#067ab4; text-decoration: none;" href="https://pccheck.att.com/">https://pccheck.att.com/</a>.
<li>If your computer(s) are personally owned, then update the security
software on your system (follow the instructions on your vendor's
website). You might also consider installing new security software such
as AT&T Security Suite; see <a style="color:#067ab4; text-decoration: none;" href="http://www.att.net/iss">http://www.att.net/iss</a>. (You must be logged in
with the Master Account ID to download AT&T Security Suite).
<li>If you are an advanced user, then consider reimaging your
computer(s) and installing the necessary software patches. If you prefer,
this can be done by a third party such as AT&T Connect
Tech; see <a style="color:#067ab4; text-decoration: none;" href="https://remotesupport.att.com/index.aspx">https://remotesupport.att.com/index.aspx</a>. AT&T Computer
consultants trained to clean infected machines may also be located in
your area.
<li>In all cases, please respond by forwarding this email to
<a style="color:#067ab4; text-decoration: none;" href="mailto:abuse@att.net
this infection.”</i> When we receive such an acknowledgment, we can
maintain the high quality of service you expect from us. We welcome
feedback on what removal tools or methods were used.
</ol>
<P>Although the activity is likely unintentional, it is still in violation
of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use
Policy, go to <a style="color:#067ab4; text-decoration: none;" href="http://www.corp.att.com/aup/">http://www.corp.att.com/aup</A>.</P>
<P><strong>Below are some additional sites you can visit for tools or information:</strong></P>
<ul>
<li>AT&T PC Health Check:
<a style="color:#067ab4; text-decoration: none;" href="https://pccheck.att.com/">https://pccheck.att.com/</A>
<li>Microsoft Security Essentials:
<a style="color:#067ab4; text-decoration: none;" href="http://www.microsoft.com/security_essentials/">http://www.microsoft.com/security_essentials/</a>
<li>Microsoft Safety Scanner:
<a style="color:#067ab4; text-decoration: none;" href="http://www.microsoft.com/security/scanner/">http://www.microsoft.com/security/scanner/</a>
<li>OS X Gatekeeper:
<a style="color:#067ab4; text-decoration: none;" href="http://support.apple.com/kb/HT5290">http://support.apple.com/kb/HT5290</a>
</ul>
<P>We also recommend you run anti-spyware application, like Malwarebytes
Anti-Malware or Spybot:
<ul>
<li><a style="color:#067ab4; text-decoration: none;" href="http://malwarebytes.org/mbam.php">http://malwarebytes.org/mbam.php</a>
<li><a style="color:#067ab4; text-decoration: none;" href="http://www.safer-networking.org/en/index.html">http://www.safer-networking.org/en/index.html</a>
</ul>
</p>
<P>Regards,</P>
<P>AT&T Internet Services Security Center</P>
</td>
</tr>
<tr>
<td valign="top" style="padding: 0 15px 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:11px">
<br>
<strong>DISCLAIMER: </strong>
The information above contains links to software by
third-party vendors (hereafter, “the Software”). AT&T is
not responsible for support or assistance for any of the
Software. If you need support or assistance with any of the
Software, please contact the Software's vendor directly.
AT&T is unable to provide a warranty or guarantee, either
expressed or implied, for any of the Software. You will be
responsible for your own system software and system security
and not hold AT&T, its partners, agents or affiliates liable
for any costs or damages whatsoever (including, without
limitation, damages to access system, hardware and/or
software) to your computer as a result of installing or
using any of the Software. You also understand that use of
all hardware and/or software must comply with the AT&T Acceptable Use Policy.
</td>
</tr>
<tr>
<td valign="top" style="padding: 15px 15px 0 15px">
<font size="2" face="Verdana" color="#656565" style="font-size:9px">
<strong>Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.</strong></font>
</td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table width="592" style="border: 0; border-collapse:collapse; text-align:left">
<tr>
<td style="padding: 0 0 0 10px">
<div style="font-size:10px; line-height: 150%; font-family: Verdana; color: #656565;">
<a href="http://att.com/Trademark-Copyright-Privacy-Policy" title="AT&T Intellectual Property" style="color:#067ab4; text-decoration: none;">©2013 AT&T Intellectual Property</a>. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
<br>
<a href="http://att.com/privacy" title="Privacy" style="color:#067ab4; text-decoration: none;">Privacy Policy</a> <span style="font-size:10px; font-family: Verdana; color: #FF0000;"> (Updated 06-29-13)</span>
</div><img src="http://www.att.com/Common/images/email/Transactional_email/Spacer_White_1px.GIF" width="1" height="1"><br>
</td>
</tr>
</table>
<br>
<br>
<br>
</td>
</tr>
</table>
</center>
</html>
--boundary-696481--
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Cryptolocker has been linked to botnets for sending spam already:
http://blog.trendmicro.com/trendlabs-security-intelligence/cryptolocker-its-spam-and-zeuszbot-connection/
http://blog.trendmicro.com/trendlabs-security-intelligence/cryptolocker-its-spam-and-zeuszbot-connection/
Hi stevem5000
I realise that this question has been closed for a while, but I was just wondering whether you have had any repeat emails from AT&T. The reason I ask is that a close "Internet friend" in America, who is also with AT&T, received much the same email with the difference that the Internet traffic was described as follows:
Type: ZeroAccess
Source port: 49195
Destination IP: 68.xx.xx.35
Destination port: 16465
The trojans are obviously different, but the content of the email is the same. I am trying to clear up the PC over a remote connection (I'm in the UK), and the statement in their email that worried me a bit was the inference that they could (or would) suspend the Internet connection if the infection wasn't cleared timeously:
"Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy."
Just wondering whether you managed to get your Ransomware completely eradicated before more malicious traffic was sent and intercepted by AT&T.
Bill
I realise that this question has been closed for a while, but I was just wondering whether you have had any repeat emails from AT&T. The reason I ask is that a close "Internet friend" in America, who is also with AT&T, received much the same email with the difference that the Internet traffic was described as follows:
Type: ZeroAccess
Source port: 49195
Destination IP: 68.xx.xx.35
Destination port: 16465
The trojans are obviously different, but the content of the email is the same. I am trying to clear up the PC over a remote connection (I'm in the UK), and the statement in their email that worried me a bit was the inference that they could (or would) suspend the Internet connection if the infection wasn't cleared timeously:
"Although the activity is likely unintentional, it is still in violation of AT&T's Acceptable Use Policy."
Just wondering whether you managed to get your Ransomware completely eradicated before more malicious traffic was sent and intercepted by AT&T.
Bill
ASKER
Hi Bill...
I did follow up with ATT...
Sent them an email, told them what happened, and what I did about it...
The next I got a auto response asking for log files and a few other things that
the normal home user would have no idea in the world what this stuff was...
And at that point...I figured because I got an auto response, nobody was reading my
email...so I have done nothing after that...
And unless I hear from them again I don;t expect to do anything more...
This Cryptolocker is a real piece of crap...I hope various governments get involved real soon and find the source and shut it down...
Hope this helps...
I did follow up with ATT...
Sent them an email, told them what happened, and what I did about it...
The next I got a auto response asking for log files and a few other things that
the normal home user would have no idea in the world what this stuff was...
And at that point...I figured because I got an auto response, nobody was reading my
email...so I have done nothing after that...
And unless I hear from them again I don;t expect to do anything more...
This Cryptolocker is a real piece of crap...I hope various governments get involved real soon and find the source and shut it down...
Hope this helps...
It does, and thank you for taking the time to post back. Agreed about the Cryptolocker malware. Fortunately I haven't been personally affected. The email from AT&T gives, as it's primary suggestion, the name of their online "PC Health Checkup". This rivals Cryptolocker in terms of crappiness, albeit from the opposite side, and it seems they have jumped on the chance of a sales plug for their software. It's handy to know my friend will get an auto-response when she emails them back to say that she is taking care of the issue. Thanks again.
ASKER
And I really don't think an online utility named "PC Health Checkup" is going to do the job of checking for CL and all the various things it does to a PC...
The more I read about it...I've come to believe it places a botnet on the PC and a DNS director...spills out spam and I suspect other things...
I'm of the opinion...reformat and reinstall...and really good backups...
For my home network I'm setting up a 3TB RAID1 NAS...and I'm putting Macrium Reflect on all machines...I have 6...and do an automatic
image once a week, compressed, encrypted and password...I don;t know for certain but I don';t think CL can spread it's junk to that kind of a backup...
Hopefully I won;t have to find out...:>)
The more I read about it...I've come to believe it places a botnet on the PC and a DNS director...spills out spam and I suspect other things...
I'm of the opinion...reformat and reinstall...and really good backups...
For my home network I'm setting up a 3TB RAID1 NAS...and I'm putting Macrium Reflect on all machines...I have 6...and do an automatic
image once a week, compressed, encrypted and password...I don;t know for certain but I don';t think CL can spread it's junk to that kind of a backup...
Hopefully I won;t have to find out...:>)
Yes, I agree this email looks legit.
The most important thing would be to take the steps recommended by AT&T, such as the Health Check.
You may have learned of another, not documented, feature of CryptoLocker-- providing DNS services to a zombie computer network.