37 Replies. Latest reply: Mar 29, 2013 5:11 PM by ~Bee
  • 15. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    John Galt Level 8 (36,390 points)

    Yes, absolutely.

  • 16. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    MadMacs0 Level 4 (3,725 points)

    Just to let you know that I concur with John 100% on the possibility that it could easily be the Windows machine, and even an Android.

  • 17. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    Okay-

    I have John Galt & MadMacs0 saying possibility of malware on a Guest Network.

     

    But then Linc Davis saying the Comcast email itself is a scam.

     

    Can't be both. I'm now on hold with Comcast after 4 numbers to call and lots of menus. I want to find out if it's a legitimate Comcast email.

  • 18. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Linc Davis Level 10 (118,005 points)

    Comcast seems to send that message to all its subscribers. It's been reported here many times by people who have no Windows computers and no "bots." That doesn't mean that you couldn't have a Windows computer with a bot. The email tells you nothing.

  • 19. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    Talked to Comcast security. They did send the email. She said a bot was detected on one of the computers. The bot is associated with an IP Address, but she didn't have an IP address to give me. Told her about the Main & Guest Network, but she couldn't tell me from which Network or even if Comcast could tell which Network the bot was on.

     

    She gave me this address to go to: http://www.amibotted.net  The site reads your IP Address and gives you the results basically as soon as the web page loads.  My iMac has no bots according to the site.  So now I guess I'll ask all the computers to visit the site.

     

    But.. I deleted the email ClamXav said was infected. So I'll never know if it really was or was not.

     


  • 20. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    michaelsip4 Level 2 (300 points)

    Joe,

     

    This is one of those strange things, allow me to explain: (1) ClamXav (2) Comcast (3) other

     

    ClamXav, if you visit their support site, has occasionally flagged emails (reliable sources with phishing.email tag)

     

    Comcast has sent out broadcast messages similar to the one you mention "I received one and so have other parties" as part of constant guard  http://customer.comcast.com/sitecore/content/customer_comcast_com/Home/help-and-support/internet/constant-guard-service-notice/

     

     

    As for the guest network - anything is possible

  • 21. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    Linc Davis wrote:

     

    Comcast seems to send that message to all its subscribers. It's been reported here many times by people who have no Windows computers and no "bots." That doesn't mean that you couldn't have a Windows computer with a bot. The email tells you nothing.

    I agree. But since the email is legitimate, I'll ask the people with the PC on the Network to go to the amibotted site and check.  But even if the PC(s) has a bot, which wouldn't be a surprise, how can anyone be sure if Comcast in fact can detect the bots or they just send the email out as a routine thing?

  • 22. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    I hope I'm not sounding overly concerned because I'm not. I know ClamXav has flaws and Comcast tries to scare people and I know my machine is clean. I just want to follow thru and check the PCs on the Guest Network. Out of curiosity as well as not wanting any bots on the Network. But with PCs on the Network this may not be possible.

  • 23. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Linc Davis Level 10 (118,005 points)

    But since the email is legitimate

     

    The email is legitimate only in the sense that it did come from Comcast. It's not legitimate in the sense that Comcast is lying when it tells you it has detected a "bot" on your network. What's really happening is that it has a marketing agreement with Symantec to distribute the latter's useless crapware. It's free initially, but the future "upgrades" that you'll need in order to keep using it won't be.

  • 24. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    All the PCs on the Guest Network went to the Comcast "amibotted.net" site and no bots were detected.

     

    So Comcast is either full of ......  or it was associated with the email ClamXav detected and I deleted.

     

    Who knows. Thanks for the help.

  • 25. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    Linc Davis wrote:

     

    But since the email is legitimate

     

    The email is legitimate only in the sense that it did come from Comcast. It's not legitimate in the sense that Comcast is lying when it tells you it has detected a "bot" on your network. What's really happening is that it has a marketing agreement with Symantec to distribute the latter's useless crapware. It's free initially, but the future "upgrades" that you'll need in order to keep using it won't be.

     

    This is most likely the case.

  • 26. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    MadMacs0 Level 4 (3,725 points)

    Joe Gramm wrote:

     

    Talked to Comcast security. They did send the email. She said a bot was detected on one of the computers. The bot is associated with an IP Address, but she didn't have an IP address to give me.

    Your network has only one IP address, that of the Comcast modem. Unless you paid extra for a static IP, it can change periodically. I would guess mine might change twice a month, but I don't really keep track. Comcast has no way of knowing which computer / device might be infected, let alone what network it's on. And the IP address could have changed since the time Comcast claims to have detected a bot.

    But.. I deleted the email ClamXav said was infected. So I'll never know if it really was or was not.

    Maybe I wasn't clear, but I never believed that e-mail had anything to do with this. It was flagged as a possible phishing attempt and was in your Deleted Messages folder. Either you or your ISP decided some time ago that it wasn't anything you needed. The worst thing that could have happened, assuming you looked at it on your Mac and not the PC/Android is that it had a link to a fake financial institution site and you filled in some privacy information. The e-mail itself was not infected with anything (except maybe a fake hyperlink) and the site you were taken to could not have downloaded anything to your Mac unless you had Java enabled in your browser. The only people I have heard of to suffer the last fate were Tibetan sympathizers.

  • 27. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    Joe Gramm Level 5 (6,315 points)

    MadMacs0 wrote:

     

    The e-mail itself was not infected with anything (except maybe a fake hyperlink) and the site you were taken to could not have downloaded anything to your Mac unless you had Java enabled in your browser. The only people I have heard of to suffer the last fate were Tibetan sympathizers.

     

    No Java enabled in Safari, I'll have to think about the Tibetan Sympathizer thing, but all in all it was a bunch of nothing.  Mentioning a virus, or bot in this case, in the Apple Forums, stirs up the juices. 

  • 28. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    michaelsip4 Level 2 (300 points)

    Joe,

     

    I am certain a lot of other people went through the same steps as you did in an effort to be safe instead of sorry.

  • 29. Re: Heuristics.Phishing.Email.SpoofedDomain FOUND
    ~Bee Level 7 (30,770 points)

    Joe -- I got the same email from Comcast.  Unfortunately, they have always assumed all of their customers use Windoz, and actually might need an AV/Malware app.

     

    Throw the email out.  And never put any apps, free or otherwise, that Comcast wants you to.  I get spam too, and I delete it without looking at it.  Eventually, they go away.