Increase in Virus Activity

  • Thread starter vebk
vebk

Mr. Advocate
Messages
2,212
Location
New Delhi
ISP
Airtel 8 Mbps 'Unlimited'
I'm using Avast Antivirus Home Edition 4.6, and seeing a hell of a lot of DCOM exploit and LSASS exploit attacks (from IP addresses belonging to Airtel). Luckily, Avast's network shield is blocking them, but I am getting these alerts every few seconds or so.... kind of worrying.... anyone else seeing this activity?

P.S. I also seem to have been infected by some process-injecting trojan - anyone have any clues on how to deal with that?
 
Sushubh

Admin
Staff member
Messages
397,563
Location
Gurgaon
ISP
Excitel
Airtel
Most Airtel IPs are already in spam databases, so if I send a mail through POP it lands as spam in my client's mailboxes. :( Being good means people have misused their Airtel connections to spam, getting the IPs blacklisted.
 
ultra vires

O.o
Messages
675
Location
NA
ISP
MTNL 749NU
Ya, that's true. The other day I couldn't edit Wikipedia as my IP address was blacklisted. :angry:
 
power

supersupersuper...
Messages
1,343
Location
NA
ISP
TATA+Sify
LSASS and DCOM are quite old now, but there are still thousands of vulnerable PCs out there... And worms use vulnerable machines to infect even more :angry: ... Before Sify started Secure Synergy, about 8/10 PCs were infected with W32.Gaobot.gen variants on our local Sify LAN. Though Sify AV is shit, it still forced users to at least use some AV... Now few PCs have a virus over here...
 
vebk

I sent Airtel Customer Care an e-mail about it, and asked them to implement some kind of mandatory anti-virus policy. Let's see if anything happens of it, other than them sending me an e-mail back saying, "It is our privilege to have you as our valued customer & would like to thank you for your continued patronage. We look forward to a long and fruitful association with you" and nothing much else beyond that.

I used to work Tech Support at my college, and we would shut off the network connection of any computer that would show virus-like activity, and would refuse to help anyone who didn't have up-to-date antivirus (we would help them on how to get it of course)... pretty good policy.. held well, but the college decided that it was way cooler and more secure to just get Norton AV for every student and push virus definitions and forcibly update their AV software.

Anyway, ignorance and laziness are the only reasons people don't have AV these days.... Avast, for example, is an amazing AV program, and it's free! It outperformed Norton as well as McAfee IMHO, and the only program I found better was PC-cillin.
 
power

Try NOD32... small and best
 


agnivo007

vebmetal,
Some of the other Airtel clients sharing the bandwidth from Airtel have been affected by viruses, trojans, worms etc. So when you connect, worms on those PCs on the Airtel network intercept your IP and initiate transfer of a trojan, backdoor or downloaders, which finally infects your PC.
What you can do is get hold of a good AV package with a firewall.
One such is Bitdefender 8 Professional Plus. In the meantime, download McAfee Stinger and scan your system. Install the MS KB835732 patch. If you need a Bitdefender key, mail to [email protected]
 
harsh_puri

Newbie
Messages
34
Location
NA
Just checked my firewall logs :eek:

900 attacks in 1 day,
and 90 attacks in previous hour.

That is nuts. :blink:
 
digen

Newbie
Messages
14
Location
NA
Whoa, that's a FUD! That's serious stuff over there. Anyways, have you reported it to the technical people at Airtel? Are they from the same IP or different? Either way, it would be a good idea to email the logs to the technical people. You will be doing a world of good for yourself & other users. Anyways, which firewall are you using? That screenie seems unfamiliar. Also, care to post a few entries from the log here?
 
vebk

Well, I reported the problem to Airtel when I started this thread, and well..... no reply... and it doesn't seem like they have done anything about it either... Sygate, thankfully, is blocking the sh*t out of these attacks....

P.S. Airtel customer service people are morons, and I hate them.