
How do I get rid of a gumblar botnet

I'm with Rogers internet ...Apparently I have on one of my devices a gumblar botnet ..... Unless I get rid of it ? they will suspend my internet service ..... so a tech guy there told me to research where it hides & what it does .... & find out how to delete it from the system ......


I haven't a clue ... I have an iMac, iPhone, iPad mini ..


Help!!!!


Bev

iMac, 10.12

Posted on Jul 28, 2020 3:55 PM

Question marked as Best reply

Posted on Jul 28, 2020 4:33 PM

No need for an outside service. First, block e-mails from the sender in Mail. Next, you can safely ignore the message. Please take some time and carefully read Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams and follow the advice in there.


Next, download the free version of Malwarebytes from either the Mac App Store or Malwarebytes.com and run it and if there is any malware you installed, it can be quarantined so it no longer affects your system.

10 replies

Jul 28, 2020 4:24 PM in response to MrHoffman

I actually received 3 emails advising me of a problem with an internet-connected device in my home interfering with Rogers network in my area ... & that the problem device is infected with a virus .... Could be on a computer, phone, tablet, sensors or other device connected to my wifi .... Failure to correct the problem will result in suspension &/or termination of your internet service........ It is not a scam ..... Have dealt with Rogers customer service & tech dept on numerous occasions ....They temporarily suspended my service today but the tech guy turned it back on for me to deal with it ....

It indicates the Malware family is gumblar & the type is botnet drone & this host is most likely infected with malware ....

It's just I don't know what device .....

Jul 28, 2020 5:14 PM in response to Winpub42

Since you’re not going to believe us about the prevalence of tech support scammers, and as you seem intent to believe the scammers, call the folks at Rogers yourself—look up the Rogers Internet telephone support number yourself, don’t use any telephone numbers in any recent email—and ask them if they know anything about this issue.


Again, an exploit targeting under-patched Windows 2000 and Windows XP systems seems... unlikely.


This reeks of a tech support scam.




Sep 11, 2020 8:19 AM in response to MrHoffman

A client received 3 similar emails from Rogers claiming a device in their house had a "Gumblar family botnet drone" that was "interfering" with the Rogers network, and just had their internet service unceremoniously shut off.


We called Rogers directly and they verified the emails and warnings about terminating service were legitimate... however, the actual detection of a botnet seems (in our case) like it might be misidentified traffic, or misattributing it to the client's devices or account - we've double checked all of our devices and found no issues:


The first email came 3 weeks ago, and since then we have completely erased and clean-installed 2 iMacs, 2 iPhones, an iPad, Apple TV, a Time Capsule and even a Brother printer. We have used Sophos, Bitdefender and Malwarebytes to scan everything, with no problems found. There are no cameras or "smart" devices at all. We even reset the Rogers modem itself, changed Wi-Fi passwords in case it was a neighbour hijacking Wi-Fi. We did literally everything we could to reset everything.


Last night we turned EVERY device off, turned Wi-Fi off, and just left the Rogers modem on overnight by itself - to prove that IF there was malicious traffic it was not coming from us. Sure enough, Rogers shut off service overnight, claiming there was a Gumblar family, botnet drone.


I called Level 2 Support, and they admitted they use an unnamed 3rd party security company, who does random scanning of client modems, and if they detect a problem, an automated system sends 3 "courtesy emails", then a phone call, then they just shut it off.


This suggests there is a larger problem - if the 3rd party security company is reporting malicious traffic from a client, but there are NO devices on at the client's modem, then either their scanning isn't accurate, or they are being duped. Either way, bad.


Today Rogers is replacing the modem itself, and we have Bell on speed dial to install Fiber Optic internet tomorrow if Rogers can't figure out THEIR problem. I've heard of this behaviour before from Rogers, but I've never heard of it from Bell (so far). I will report back the results.

Sep 11, 2020 9:22 AM in response to Gimbal

That leaves the modem itself, or a buggy scanner. Wouldn’t be the first malware-infested modem, nor the first buggy scanner.


Long thread here: https://communityforums.rogers.com/t5/Internet/Internet-was-blocked-for-a-so-called-virus/td-p/196143


The very last entry posted over there today proposes an interesting theory; that Rogers has problems with folks cloning the MAC addresses of their modems. Sending a new modem would address that, silently.

Sep 11, 2020 2:56 PM in response to MrHoffman

I am Winpub42 who started this above ...... I had a computer place who scanned my iMac found nothing ...installed Malwarebytes & eset Cyber Security pro ... kept shutting me down ... changed the network password .... kept happening...

my computer guy suggested changing the network name & password as well as switching my modem for a new one ...

Manager in level 2 started an investigation ... on Sept 8 spoke to tech at Rogers ... investigation was closed & no security issues showing since August 26 .... (touch wood) ...... Happens again will change the network name, password & modem again....or after 16 years take all my business elsewhere .... Bev

Sep 11, 2020 5:41 PM in response to Winpub42

Today Rogers replaced our Hitron CGN3 modem/router, and so far the issue seems to be resolved - only time will tell. However, having gone through the activation process, which uses the modem's MAC address - it seems that MAC address spoofing or cloning by someone else is the ONLY thing that explains what is happening.


So if I'm correct (that's an if...) then Rogers activates a new modem by its MAC address and ties it to a customer account. If that modem is plugged in anywhere on the Rogers network, Rogers sees that it's "activated" and gives it access... So you take it home, plug it in and it works. But then someone with a 3rd party router - with the capability of setting a custom MAC address - happens to set their MAC address to be the same as yours, and voila, their internet traffic gets attributed to YOU. And the Rogers system doesn't seem to notice that it's not actually you.


And far worse - the 3rd party security company Rogers hires to protect their network from malicious traffic doesn't seem to notice or care. Rogers' own community forums have plenty of mentions by senior members about the issue of MAC address cloning - so I'm surprised that this is still an issue. I'm surprised that when a customer in good standing gets a nasty email or call, Rogers staff aren't trained to CHECK if there are 2 devices with the same MAC address.... I'm sure someone can figure out how to do that.


So the advice is, if you get a notice from Rogers that they have detected some sort of virus or bot coming from a device on your network... Of course it's a good idea to actually scan for viruses and malware, but more than likely it's actually someone else who is spoofing your modem's MAC address on the Rogers network.
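The duplicate-MAC check that the post above says ISP staff could run, written out as an added example (it is not code from this thread, from Rogers, or from any real CMTS tooling): it scans constructed, hypothetical ISP-side session records of the form `timestamp modem-MAC access-node` and flags any modem MAC that shows up at two different access nodes within a short window, which one physical modem cannot do but a cloned MAC does.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (hypothetical format; real CMTS/DHCP logs differ).
# Each line: ISO timestamp, modem MAC, identifier of the access node that saw it.
SAMPLE_LOG = """\
2020-09-10T22:05:00 A4:11:22:33:44:55 node-17
2020-09-10T22:06:30 A4:11:22:33:44:55 node-17
2020-09-10T23:40:00 A4:11:22:33:44:55 node-42
2020-09-11T01:10:00 A4:11:22:33:44:55 node-17
2020-09-11T01:12:00 A4:11:22:33:44:55 node-42
2020-09-11T02:00:00 C8:99:88:77:66:55 node-09
"""


def parse_records(text):
    """Parse 'timestamp mac node' lines into (datetime, mac, node) tuples.
    MACs are lower-cased so case differences never hide a duplicate."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, mac, node = line.split()
        records.append((datetime.fromisoformat(ts), mac.lower(), node))
    return records


def find_cloned_macs(records, window=timedelta(minutes=30)):
    """Return {mac: {nodes}} for every MAC seen at two different access
    nodes within `window` of each other.

    A modem that is physically moved shows a long gap between nodes; two
    sightings at different nodes only minutes apart mean two devices are
    using the same MAC, so the traffic cannot be attributed to one customer."""
    by_mac = defaultdict(list)
    for ts, mac, node in records:
        by_mac[mac].append((ts, node))

    suspects = {}
    for mac, sightings in by_mac.items():
        sightings.sort()  # chronological order per MAC
        for (prev_ts, prev_node), (ts, node) in zip(sightings, sightings[1:]):
            if node != prev_node and ts - prev_ts <= window:
                suspects.setdefault(mac, set()).update({prev_node, node})
    return suspects


if __name__ == "__main__":
    for mac, nodes in find_cloned_macs(parse_records(SAMPLE_LOG)).items():
        print(f"possible MAC clone: {mac} seen at {sorted(nodes)}")
```

In the constructed data the first MAC's 23:40 and 01:10 sightings are far enough apart to pass as a modem being moved, but the 01:10 and 01:12 sightings at different nodes are flagged; the second MAC is never flagged.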
