Virus on Pi2?
- This topic has 12 replies, 7 voices, and was last updated 9 years, 6 months ago by wezzledezzle.
03/30/2015 at 20:06 #93184 wezzledezzle Participant
So this morning I received an email from my IP (Cox) stating that one of my computers is infected with a virus. I of course logged in and checked my IP and it does indeed think that there is a virus on a computer.
I checked all my computers and found no viruses on any of them. I did, however, just try the RetroPie 3.0 Beta for Pi2 and had connected my Pi to the network to send over my ROMs. Has anyone else had such a problem? I also scanned my computer after seeing the email, just in case the email was a possible virus, but the computer is still clean.
03/31/2015 at 16:37 #93266 labelwhore Participant
I can’t pull up this website at work. The network security guys come over yelling that it looks like there’s a ddos attack coming from my PC when I do.
So I think it’s not the pi, it’s this website.
03/31/2015 at 18:42 #93281 tank Participant
What website?
This one? The petrockblog?!
03/31/2015 at 20:40 #93295 labelwhore Participant
That’s correct. I have been using my phone to access the site for a week or so now, and the security dudes have stopped complaining. Make of that what you will. I don’t have any more details, only a suspicion.
03/31/2015 at 20:42 #93296 labelwhore Participant
Also, they never found any malware or anything on my PC after a thorough check.
03/31/2015 at 20:44 #93297 wezzledezzle Participant
See, I never found malware, adware, snoopers, nothing.
It’s weird.
04/01/2015 at 04:45 #93333 petrockblog Keymaster
I don’t see any problem with this site – it doesn’t really make sense regarding a ddos attack unless a browser had a recent exploit that was vulnerable via some software on this website. I see nothing suspicious though.
04/01/2015 at 15:11 #93355 labelwhore Participant
I have no problems from home as far as I can tell, just from work.
I just correlated the two, since around the time I started looking at this site at work is when the guys complained of unusually large amounts of traffic coming from my PC. Bear in mind, from work, all I was doing was reading posts, and not DLing anything like retropie images or anything like that. I’m not really certain it’s this site either, tbh, the time-frame just seems right. That there is somebody else with a similar issue just sounds too coincidental.
04/03/2015 at 08:10 #93607 Robert Wilson Participant
Not saying it is or it’s not, but it is possible one of the ad servers that push ads for this site could have been trying something nasty. Just a few months ago the website that was hosting my town’s local paper was infecting people’s computers. It turned out it wasn’t the website itself but one of the many embedded ads. A rogue ad was slipped into an ad server that was used by many sites, and when it would pop up in rotation, boom, you got hit. One reason I now do 99% of my surfing from my iPad.
04/16/2015 at 18:30 #95155 wfraga Participant
I’m facing the SAME PROBLEM !!
I received 2 emails from AT&T and the ONLY device powered on in my home is a PI2 running RetroPie 3 beta 2,
and using Wireshark it is possible to see the device is infected!
PLEASE, CAN ANYBODY FROM THE PROJECT SAY SOMETHING ABOUT THIS?
Malware infection advisory from AT&T Internet Services Security Center
AT&T U-verse Site ID: XXXXXXX
Dear AT&T U-verse customer,
AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“ddos-participant-ssdp-amplifier”) was observed on Apr 14, 2015 at 1:12 AM EDT from the IP address 23.11x.xxx.xxx. Our records indicate that this IP address was assigned to you at this time.
Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware.
Because malware is designed to run in secret, an infected computer may display no obvious symptoms.
To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.
Additional tools and information:
Tools for removing rootkits, bots, and other crimeware:
Norton Power Eraser: https://security.symantec.com/nbrt/npe.aspx (Windows)
McAfee Rootkit Remover: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx (Windows)
Tools for general virus and malware removal:
Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
Spybot +AV: http://www.safer-networking.org/ (Windows)
OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)
AT&T Malware and Network Security analysts gather weekly to give you the information that you need to know about the latest security news and trends. Visit AT&T ThreatTraq at http://techchannel.att.com/showpage.cfm?ThreatTraq
Regards,
AT&T Internet Services Security Center
Incident details for 23.1xx.xxx.xxx
Type: ddos-participant-ssdp-amplifier
Source port: 1900
Destination IP: 99.xx.xx.66
Hostname: CPE84948cced691-CM84948cced690.cpe.net.cable.rogers.com
Destination port: 80
For security reasons, the destination IP is partially obscured.
DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software’s vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.
04/16/2015 at 23:04 #95192 labelwhore Participant
Is your PC at home? I’m still convinced it’s this website, as I don’t bring my pi to work but do sometimes read this site. I’ve only had the problem occur at work. In addition, occasionally bringing up this site in Firefox at work completely locks up my PC with no other software running. The symptom was described to me yesterday as GBs worth of DNS queries in a matter of seconds.
04/17/2015 at 01:47 #95202 theguyonthecouch Participant
Hmm, I’d be very interested to see some PCAP captured with Wireshark so as to establish what the device is doing to cause the alert(s). I may power mine on later and capture some traffic to look for anomalous activity…
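One way to run the capture check suggested above against the "ddos-participant-ssdp-amplifier" notice: flag SSDP replies (UDP source port 1900) that leave the LAN, and SSDP queries that reach a LAN host from outside. This is an added example, not code from the thread or from the RetroPie project; the LAN range, the CSV column layout (one row per UDP packet exported from a capture) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

SSDP_PORT = 1900  # UDP port from the notice ("Source port: 1900")

# Constructed sample rows, not real traffic. Assumed column order:
# source IP, UDP source port, destination IP, UDP destination port, frame length
SAMPLE_CSV = """\
192.168.1.50,1900,203.0.113.7,80,342
192.168.1.50,1900,203.0.113.7,80,338
192.168.1.50,1900,198.51.100.9,80,342
192.168.1.20,50000,239.255.255.250,1900,216
192.168.1.50,1900,192.168.1.20,50000,342
203.0.113.7,80,192.168.1.50,1900,136
192.168.1.20,53124,192.0.2.53,53,74
"""


def find_ssdp_reflection(csv_text, lan_cidr):
    """Per LAN host, summarise SSDP traffic that crosses the LAN boundary."""
    lan = ip_network(lan_cidr)  # assumption: the home network's address range
    report = defaultdict(lambda: {"replies_out": 0, "bytes_out": 0,
                                  "targets": set(), "queries_in": 0})
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        src, dst = ip_address(row[0]), ip_address(row[2])
        sport, dport, length = int(row[1]), int(row[3]), int(row[4])
        if dst.is_multicast:
            continue  # discovery to 239.255.255.250 stays on the LAN: normal
        if src in lan and dst not in lan and sport == SSDP_PORT:
            # SSDP reply leaving the LAN: the behaviour the notice describes
            host = report[row[0]]
            host["replies_out"] += 1
            host["bytes_out"] += length
            host["targets"].add(row[2])
        elif dst in lan and src not in lan and dport == SSDP_PORT:
            # SSDP query arriving from outside: port 1900 is reachable
            report[row[2]]["queries_in"] += 1
    return dict(report)


if __name__ == "__main__":
    for host, stats in find_ssdp_reflection(SAMPLE_CSV, "192.168.1.0/24").items():
        print(host, stats)
```

A host that appears in the result is answering SSDP across the router; the capture has to be taken at a point where traffic between the LAN and the Internet is visible for the check to mean anything.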
05/04/2015 at 03:54 #96896 wezzledezzle Participant
I still don’t know what caused this warning. Currently my systems are all clean and I have not received another notice. I guess it’s fine for now?