mac bot

Are you running MS Windows on your computer or are you only running OS X? If you're only running OS X I suspect your ISP is in error. If you're running MS Windows you need to load some antivirus software and see what it locates.

Hi,

Help in the user tip library for malicious software here.


http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0





Carolyn 🙂

I have a similar problem. My work VPN got disabled by IT because they detected that my macbook is communicating with a known botnet controller. Antivirus software doesn't find anything. Any advice?

you mention you have iMac G5 and OS 10.6.6, it's probably not a G5.

anyways, if you have wireless router, maybe somebody is connecting via your router?

there is a site that runs port scan,
http://www.grc.com/intro.htm

on top where it's says "Services" select ShieldsUP! and try the test, on the Mac it usually says the computer is "invisible" which is a good thing.

I run the test and I'm not invisible - so you think this could be related to IT detecting that my macbook communicates with a botnet controller?

Out of curiosity, are you by chance using torrent sites to share and/or download stuff?

could be, the port scan should tell which ports are failing, write it down and talk to your IT people.

worst case your OS may need to be reinstalled

System Preferences>Security>Firewall. Make sure Firewall is turned on. Go to advanced> check Block all incoming connections and make sure Enable Stealth Mode is checked.

Thanks a lot for all your help! I blocked all incoming connections now and activated stealth mode.

Barbara, I'm not using any torrent sites for downloading.

Unfortunately my IT people won't help me - they just cut me of and told me I have to deal with this myself. They wouldn't even say what exactly they detected.

Is there any way to check if I'm still under attack or if I need to reinstall OS?

Just in case, try running this to scan for one Mac Trojan that might be related to a bot.

http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg

The SecureMac site has several other free Trojan removal tools.

http://www.securemac.com/

And to read:

http://arstechnica.com/apple/news/2009/04/evidence-suggests-first-zombie-mac-bot net-is-active.ars

Also, System Preferences>Network, put these numbers from OpenDNS in DNS for the interface (i.e. Airport, Ethernet) you're using. Then hit apply. They are patched against DNS poisoning and generally faster and safer than the servers your ISP is using.

208.67.222.222
208.67.222.220





Go here to check that it's working

http://www.opendns.com/welcome/

You can scan your drive for malware using ClamXav (note that a lot of what it may find will only affect Windows/PC. Same for Sophos.)

http://www.clamxav.com/download.php

There's also Sophos. But just use it to do an initial scan. As it may cause problems, don't leave it on in its always-on mode, or whatever they call it.

http://www.sophos.com/products/free-tools/free-mac-anti-virus/



Message was edited by: WZZZ

Thanks WZZZ, I feel much safer now - but it doesn't matter with which program I'm scanning, I just don't find anything malicious. I guess I have to decide now if I'm paranoid enough to reinstall OS...

there is not enough information regarding what exactly was found, mabye outsource your IT department.