djc6
New Contributor

Email from Cox about Alureon / TDSS Virus - but I have a mac

I received an email from Cox about Alureon / TDSS Virus - but it seems like a Windows virus. There are no Windows devices in the house, only Macs.

It seems Cox tracks what customers may be infected with a botnet virus by watching the command/control servers they connect to. How can I find out the time, destination IP and port that triggered the compromised computer notification? The email I received contains no actionable information.

I've called 800-753-6085 but the representatives don't even seem to have a rudimentary understanding of how the compromised computer notification emails are generated. I couldn't get the date/time of the activity even. I kept asking for the IP my account was seen connecting to - and was only given my own IP address which isn't helpful. If I had the destination IP I could set up a scan myself on the router and determine which host in my household is infected.
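
The check djc6 describes (matching router logs against a known destination IP to find the LAN host behind the traffic), as an added example that is not part of the original thread. It assumes the router logs forwarded connections in Linux netfilter LOG format; the function names, the sample log lines, the 192.168.1.0/24 LAN and the 203.0.113.45 destination are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: router syslog lines in Linux netfilter LOG format.
# Addresses are private/documentation ranges, not real indicators.
SAMPLE_LOG = """\
Jan 12 03:14:07 router kernel: FWD IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:23:08:00 SRC=192.168.1.23 DST=203.0.113.45 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=443 SYN
Jan 12 03:14:09 router kernel: FWD IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:10:08:00 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=80 SYN
Jan 12 03:44:07 router kernel: FWD IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:23:08:00 SRC=192.168.1.23 DST=203.0.113.45 LEN=60 TTL=63 PROTO=TCP SPT=51620 DPT=443 SYN
Jan 12 03:44:08 router kernel: FWD IN=eth0 OUT=br0 MAC=02:00:00:00:00:02:02:00:00:00:00:99:08:00 SRC=203.0.113.45 DST=192.168.1.23 LEN=60 TTL=52 PROTO=TCP SPT=443 DPT=51620 SYN
Jan 12 04:14:08 router kernel: FWD IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:23:08:00 SRC=192.168.1.23 DST=203.0.113.45 LEN=60 TTL=63 PROTO=TCP SPT=51733 DPT=8080 SYN
Jan 12 04:15:00 router dnsmasq[411]: query[A] example.com from 192.168.1.10
"""

KEY_VALUE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Parse one LOG line into a dict, or return None for unrelated lines."""
    fields = dict(KEY_VALUE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    # MAC= holds destination MAC (6 bytes), source MAC (6 bytes), EtherType (2).
    mac = fields.get("MAC", "").split(":")
    return {"ts": line[:15], "src": fields["SRC"], "dst": fields["DST"],
            "dport": int(fields["DPT"]) if "DPT" in fields else None,
            "src_mac": ":".join(mac[6:12]) if len(mac) >= 12 else "unknown"}

def hosts_contacting(log_text, suspect_ips, lan="192.168.1.0/24"):
    """Map each LAN source address to its contacts with the suspect destinations."""
    lan_net = ipaddress.ip_network(lan)
    suspects = {ipaddress.ip_address(ip) for ip in suspect_ips}
    hits = defaultdict(lambda: {"mac": None, "count": 0, "first": None, "last": None, "ports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec is None or ipaddress.ip_address(rec["dst"]) not in suspects
                or ipaddress.ip_address(rec["src"]) not in lan_net):
            continue  # keep only outbound traffic from inside the house to a suspect
        h = hits[rec["src"]]
        h["mac"], h["last"] = rec["src_mac"], rec["ts"]
        h["count"] += 1
        h["first"] = h["first"] or rec["ts"]
        if rec["dport"] is not None:
            h["ports"].add(rec["dport"])
    return dict(hits)

if __name__ == "__main__":
    # 203.0.113.45 stands in for the destination IP the ISP would need to supply.
    print(hosts_contacting(SAMPLE_LOG, ["203.0.113.45"]))
```

The source MAC is reported alongside the IP because DHCP leases change, while the MAC can be matched against the router's client list to identify the physical device, including an appliance.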


9 Replies

  • Tecknowhelp
    Valued Contributor II

    Try to ask for the Cox Network Security Team. It won't be easy to get a hold of them. If it was me, looking at all of Cox's false negatives, I would assume they are just flat wrong. They are using the shotgun approach of sending out tons of emails and hoping enough people get them that actually have malware. 

  • AZ-user
    New Contributor

    Just checked with Cox tech support. THIS IS A SCAM!

  • ChrisL
    Former Moderator
    @AZ-user

    If you're receiving these notices too, it is because something is using your Internet connection to access a known botnet command and control server. Note that the malware may not be the one suggested in the notice; we can only see the traffic, not what is generating it.

  • Tecknowhelp
    Valued Contributor II

    ChrisL said:
    Note that the malware may not be the one suggested in the notice

    Then why suggest it?

  • ChrisL
    Former Moderator
    @Tecknowhelp

    We do this in an effort to try and be helpful. Many of our customers simply do not understand any of this so we try to give them some help with regards to what to look for. I can see where a knowledgeable user might find this misleading. Basically you want to try and look for whatever is generating the traffic, including the possibility it's an Internet-connected appliance.

  • JSchmo
    New Contributor

    For the next person who lands here via Google or Cox's own search - I've been getting this e-mail alert (and at one point a completely inappropriate browser-hijack pop-up alert) for weeks now, and all of my Windows machines are clean. I run AV on all of them and also ran TDSS Killer on them with zero hits. Called Cox Network Security Team and the information they provided was useless. Date and time the alert was created, that's it. They can't tell me the destination IP that is supposedly part of the botnet, or the OS of the device producing the traffic, or really anything helpful.

    So Cox is "helping" customers by alerting them they may be infected, an alert that was triggered by a very specific type of traffic supposedly coming from my IP address, but they cannot give me any details of that traffic.

    At this point I'm going with annoying false positive and I wish Cox would just stop "helping".

  • Tecknowhelp
    Valued Contributor II

    All I want to see is ONE case of Cox saying someone has a specific type of malware, and that malware existing. With all the posts in different forums, wouldn't at least ONE find the Cox info accurate? If not, the proof, or lack thereof, is in the pudding.