On 23 Dec 2011, at 16:16, Bruce Johnson wrote:
On Dec 23, 2011, at 7:34 AM, Lawrence David Eden wrote:

> Listers,
>
> I recently got a message from Xfinity (my internet provider) that there may
> be a BOT on one or more of my computers.....
>
> IMMEDIATE ATTENTION REQUIRED
> Dear XFINITY Customer, Constant Guard from XFINITY identified that one or
> more of your computers may be infected with a bot. A bot is a malicious form
> of software that is used to send spam, host a phishing site, or steal your
> identity by monitoring your keystrokes without your knowledge. It may be
> possible you are unaware that your computer is infected with a bot. We
> strongly recommend you visit XFINITY.com/BotAssistance for important
> information on how to remove malicious software from your computer(s). We
> appreciate your prompt attention to this important security notice.
> Sincerely, Constant Guard from XFINITY This is a service-related email.
> Comcast will occasionally send you service-related emails to inform you of
> service upgrades or new benefits to your Comcast High-Speed Internet service.
>

Well, you are correct in that Macs are highly unlikely to be infected with malware... you are also correct in not touching anything 'Norton' other than a motorcycle :-)

Two suggestions:

1) If you feel the need to run virus/malware detection use ClamXAv <http://www.clamxav.com/>, free and it works, and it doesn't fubar your computer.

2) Use a tool like Little Snitch <http://www.obdev.at/products/littlesnitch/index.html>, Private Eye <http://osxdaily.com/2011/10/28/monitor-network-connections-mac-os-x-private-eye/> (10.7 only, apparently), Open Ports <http://cs.lth.se/kontakt/peter_moller/script/open_portssh_en/> or the like to see what's connecting to the outside world. A machine running a bot will be VERY obvious. I've seen infected Windows machines make 500 connections within 30 seconds of starting up and seeing the network.

(Windows computers on a domain will normally have 10 or so tcp/ip or udp connections at start)

3) hardcore geeks can use lsof which lists all open files and ports on your computer. Comparing that to ps aux you can find hidden processes that a hacked ps has been set to ignore. At that point your Mac is rooted, and the only solution is to nuke&pave the OS. This is vanishingly unlikely. You are more likely to be hit with a meteorite than have something like this running...

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs

Bruce,

Yet again you've educated me. Was unaware of Private Eye - it's now installed and I love it.

Thanks
Ted (UK)
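The lsof-versus-ps comparison and the per-process connection count described in the thread above, as an added example that is not part of the original messages. The snapshot contents, the process name `helperd` and the documentation-range addresses are constructed, and the script assumes the PID is column 2 in both outputs.

```shell
#!/bin/sh
# Constructed sample snapshots (not from a real machine). On a live system:
#   ps aux > ps.txt ; sudo lsof -n -P > lsof.txt
sample_ps() { cat <<'EOF'
USER  PID %CPU %MEM   VSZ  RSS TT STAT STARTED TIME COMMAND
root    1  0.0  0.1  2456  980 ?? Ss   9:01AM  0:02 /sbin/launchd
ted   212  0.3  1.2 90120 8800 ?? S    9:02AM  0:10 /Applications/Mail.app/Contents/MacOS/Mail
ted   340  0.0  0.2  7200 1500 s0 S    9:05AM  0:00 -bash
EOF
}
sample_lsof() { cat <<'EOF'
COMMAND PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd   1 root cwd DIR  14,2   1122     2    /
Mail    212 ted  22u IPv4 0x3a1  0t0      TCP  192.0.2.10:49201->198.51.100.7:993 (ESTABLISHED)
bash    340 ted  cwd DIR  14,2   544      881  /Users/ted
helperd 777 root 5u  IPv4 0x3b2  0t0      TCP  192.0.2.10:49300->203.0.113.9:8080 (ESTABLISHED)
helperd 777 root 6u  IPv4 0x3b3  0t0      TCP  192.0.2.10:49301->203.0.113.9:8081 (ESTABLISHED)
EOF
}

# hidden_pids PS_FILE LSOF_FILE
# Print "PID COMMAND" once for each PID that lsof reports but ps does not list.
# Assumes the PID is column 2 in both outputs, as in `ps aux` and default lsof.
hidden_pids() {
    awk 'FNR == 1 { next }                          # skip each header row
         FILENAME == ARGV[1] { seen[$2] = 1; next } # PIDs that ps admits to
         !($2 in seen) && !shown[$2]++ { print $2, $1 }' "$1" "$2"
}

# conn_counts LSOF_FILE
# Print "COUNT PID COMMAND" for TCP sockets that have a remote end ("->" in
# the NAME column), busiest process first.
conn_counts() {
    awk 'FNR > 1 && $8 == "TCP" && $9 ~ /->/ { n[$2 " " $1]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Demo on the constructed snapshots.
tmp=$(mktemp -d)
sample_ps > "$tmp/ps.txt"
sample_lsof > "$tmp/lsof.txt"
echo "Listed by lsof but missing from ps:"
hidden_pids "$tmp/ps.txt" "$tmp/lsof.txt"
echo "TCP connections per process:"
conn_counts "$tmp/lsof.txt"
rm -rf "$tmp"
```

A process that starts or exits between the two snapshots shows up as a false positive, so take the snapshots back to back and repeat the comparison before drawing conclusions.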
