Also, I enjoy throttling down my network bandwidth to kill everything that uses the network that you launched, and throttle the bandwidth down to something tiny (say 20kbits/s) and checking how the background CPU usage changes. If it falls severely, then you may have a bot.

Illirik Smirnov
if (elvis != 0xDEAD){ throw e;)
Ron Paul // Jello Biafra 2012: For A Better America
Proud member of the Enloe HS Debate Team: "At Least Someone Placed"
Proudly Chaotic Neutral since 1997

On Fri, Dec 23, 2011 at 4:40 PM, Edward Treen <ted.tr...@btinternet.com> wrote:
>
> On 23 Dec 2011, at 16:16, Bruce Johnson wrote:
>
>
> On Dec 23, 2011, at 7:34 AM, Lawrence David Eden wrote:
>
>> Listers,
>>
>> I recently got a message from Xfinity (my internet provider) that there may
>> be a BOT on one or more of my computers.....
>>
>> IMMEDIATE ATTENTION REQUIRED
>> Dear XFINITY Customer, Constant Guard from XFINITY identified that one or
>> more of your computers may be infected with a bot. A bot is a malicious form
>> of software that is used to send spam, host a phishing site, or steal your
>> identity by monitoring your keystrokes without your knowledge. It may be
>> possible you are unaware that your computer is infected with a bot. We
>> strongly recommend you visit XFINITY.com/BotAssistance for important
>> information on how to remove malicious software from your computer(s). We
>> appreciate your prompt attention to this important security notice.
>> Sincerely, Constant Guard from XFINITY This is a service-related email.
>> Comcast will occasionally send you service-related emails to inform you of
>> service upgrades or new benefits to your Comcast High-Speed Internet service.
>>
>
> Well, you are correct in that Macs are highly unlikely to be infected with
> malware..you are also correct in not touching anything 'Norton' other than a
> motorcycle :-)
>
> Two suggestions:
>
> 1) If you feel the need to run virus/malware detection use ClamXAv
> <http://www.clamxav.com/>, free and it works, and it doesn't fubar your
> computer.
>
> 2) Use a tool like Little Snitch
> <http://www.obdev.at/products/littlesnitch/index.html>, Private Eye
> <http://osxdaily.com/2011/10/28/monitor-network-connections-mac-os-x-private-eye/>
> (10.7 only, apparently), Open Ports
> <http://cs.lth.se/kontakt/peter_moller/script/open_portssh_en/> or the like
> to see what's connecting to the outside world. A machine running a bot will
> be VERY obvious. I've seen infected Windows machines make 500 connections
> within 30 seconds of starting up and seeing the network. (Windows computers
> on a domain will normally have 10 or so tcp/ip or udp connections at start)
>
> 3) hardcore geeks can use lsof which lists all open files and ports on your
> computer. Comparing that to ps aux you can find hidden processes that a
> hacked ps has been set to ignore. At that point your Mac is rooted, and the
> only solution is to nuke&pave the os. This is vanishingly unlikely. You are
> more likely to be hit with a meteorite than have something like this
> running...
>
> --
> Bruce Johnson
> University of Arizona
> College of Pharmacy
> Information Technology Group
>
> Institutions do not have opinions, merely customs
>
> Bruce,
>
> Yet again you've educated me. Was unaware of Private Eye - it's now installed
> and I love it.
>
> Thanks
>
> Ted (UK)
>
> --
> You received this message because you are a member of G-Group, a group for
> those using G3, G4, and G5 desktop Macs - with a particular focus on Power
> Macs.
> The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette
> guide is at http://www.lowendmac.com/lists/netiquette.shtml
> To post to this group, send email to g3-5-list@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/g3-5-list
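
The lsof-versus-ps comparison and the connection-count check described in the quoted suggestions, as an added example that is not part of the original thread. The sample snapshots are constructed, `updaterd` is a hypothetical process name, and the socket threshold is an assumption.

```shell
#!/bin/sh
# Added example. Take both snapshots back-to-back as root, e.g.:
#   lsof -i -n -P > lsof.txt; ps aux > ps.txt
# In both outputs line 1 is a header and column 2 is the PID.

# Print "PID COMMAND SOCKETS" for each PID that holds a network socket in the
# lsof snapshot ($1) but is absent from the ps snapshot ($2). A process that
# exited between the snapshots is listed too, so repeat before concluding.
hidden_pids() {
    awk 'FILENAME == ARGV[1] { if (FNR > 1) seen[$2] = 1; next }
         FNR > 1 && !($2 in seen) { n[$2 " " $1]++ }
         END { for (k in n) print k, n[k] }' "$2" "$1" | sort -n
}

# Print "PID COMMAND SOCKETS" for processes holding more than $2 sockets in
# the lsof snapshot ($1). The threshold is an assumption; tune it per machine.
busy_procs() {
    awk -v max="$2" 'NR > 1 { n[$2 " " $1]++ }
         END { for (k in n) if (n[k] > max) print k, n[k] }' "$1" | sort -n
}

# Constructed sample snapshots; "updaterd" is a hypothetical process name.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
mDNSResp   38 _mdns 7u  IPv4 0x01   0t0      UDP *:5353
Safari    412 ted   12u IPv4 0x02   0t0      TCP 192.0.2.10:49321->203.0.113.7:80 (ESTABLISHED)
updaterd  977 root  5u  IPv4 0x03   0t0      TCP 192.0.2.10:49400->198.51.100.9:25 (ESTABLISHED)
updaterd  977 root  6u  IPv4 0x04   0t0      TCP 192.0.2.10:49401->198.51.100.23:25 (ESTABLISHED)
updaterd  977 root  7u  IPv4 0x05   0t0      TCP 192.0.2.10:49402->198.51.100.41:25 (ESTABLISHED)
EOF
}
sample_ps() {
    cat <<'EOF'
USER   PID %CPU %MEM  VSZ  RSS TT STAT STARTED    TIME COMMAND
root     1  0.0  0.1 2456 1024 ?? Ss   9:00AM  0:01.00 /sbin/launchd
_mdns   38  0.0  0.1 2456 1024 ?? Ss   9:00AM  0:00.50 /usr/sbin/mDNSResponder
ted    412  1.2  3.0 9999 8888 ?? S    9:05AM  0:10.00 /Applications/Safari.app/Contents/MacOS/Safari
EOF
}

d=$(mktemp -d)
sample_lsof > "$d/lsof.txt"; sample_ps > "$d/ps.txt"
echo "Sockets held by PIDs that ps does not list:"; hidden_pids "$d/lsof.txt" "$d/ps.txt"
echo "Processes holding more than 2 sockets:"; busy_procs "$d/lsof.txt" 2
rm -rf "$d"
```

Without root, lsof reports only the current user's processes, so an unprivileged run cannot support either conclusion.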