[OPSEC/Computer] My ISP recently gave me a warning that my computer was participating in botnet activity. Is this something to worry about?

They gave me the warning, and made me acknowledge and 'fix' the problem, before I pressed a red button to reactivate my internet.

Is this botnet activity often flagged by ISPs after extended Tor use? Or is there a legitimate problem? It's been about a month, and without changing anything, I haven't had any other problems. Still...


Comments


[13 Points] None:

[deleted]


[6 Points] DNMShopper:

It probably means that your computer is/was infected with a virus; hackers often put "RATs" (remote administration tools) on people's computers. They have hundreds of thousands of computers infected at once, and they have a control panel where they can make all the computers do the same thing at once. <-- this is called the "botnet". Most botnets are used for one reason, and that's to DDOS/flood (Direct Denial Of Service) web servers. So for example, he wants to kick a certain website/online gamer offline. He will easily find the IP address of the website, or use a method to get a user's IP from chat, Xbox, PS3 etc. Then the hacker makes all of the computers on his/her "botnet" send massive amounts of data to that person's IP/the server address of the website, thus causing the server to crash, or the targeted gamer's Internet to crash, until the hacker stops flooding the IP with all of the bots from his botnet.

And your ISP sees all this data being sent, so they're probably aware when you're infected. Unless you do mass torrenting; that could be another reason.


[2 Points] DNMpeyote:

You need to format and reinstall your OS. You're someone's slave, mate.


[1 Points] chip_ninja:

Did it come from Comcast?


[1 Points] intense_feel:

I would recommend doing a full reinstall of your OS, as many bots are also dumping credentials by hooking into common web browsers and looking at what you type into forms.

If you want to do some confirmation and you know Windows internals, you can look into prefetch (use some free prefetch parser tool) to confirm the execution of malicious code. Prefetch is disabled on systems with an SSD that are > Vista and < Win8.1. Prefetch is the first thing in a forensic investigation when confirming the execution of a program or malware. You will get a list of the executables that have been run on your system, with first run, last run and number of executions (Win8+).

Alternatively, you can use the free tool called Mandiant Redline to run a local system triage. It will collect a lot of system data that you can later review in the same interface and confirm the system compromise. It's much better than just a listing of the prefetch folder, because you can see a list of open connections, the process tree and a lot of surrounding information.
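As an added example (not from this thread, not from any commenter, and not one of the tools named above), here is a small Python parser for the header of uncompressed Windows Prefetch (.pf) files that pulls out exactly the fields the comment above relies on: the executable name, the last-run timestamp (eight of them on Windows 8/8.1), the run count, and the list of files the binary loaded at start-up. Field offsets follow the publicly documented format for versions 17 (XP), 23 (Vista/7) and 26 (8/8.1); Windows 10 files are LZXPRESS-compressed (they begin with "MAM") and use variant layouts, so the parser rejects them instead of guessing. The sample file is constructed inline, and the directory heuristic in `suspicious_loads` is an assumption of mine, not an established rule.

```python
import struct
from datetime import datetime, timedelta, timezone

# 100 ns ticks between the FILETIME epoch (1601-01-01) and the Unix epoch (1970-01-01).
FILETIME_EPOCH_DELTA = 116444736000000000
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Layout of the "file information" block that starts at file offset 0x54, per format version:
# (offset of the last-run FILETIME array, number of FILETIMEs, offset of the run count, block size).
# Version 30 (Windows 10) is left out on purpose: those files are MAM-compressed and the block
# has two variants, so they are reported as unsupported rather than parsed with guessed offsets.
FILE_INFO_LAYOUT = {
    17: (36, 1, 60, 68),    # Windows XP / 2003
    23: (44, 1, 68, 156),   # Windows Vista / 7
    26: (44, 8, 124, 224),  # Windows 8 / 8.1: eight most recent run times
}

# Assumption (heuristic, not a standard): modules loaded from user-writable directories
# by a process that normally lives in System32 or Program Files deserve a closer look.
SUSPICIOUS_DIRS = ("\\TEMP\\", "\\APPDATA\\", "\\DOWNLOADS\\", "\\PUBLIC\\")


def filetime_to_datetime(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601) to an aware UTC datetime."""
    return UNIX_EPOCH + timedelta(microseconds=(ft - FILETIME_EPOCH_DELTA) // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime; used here only to build the constructed sample."""
    return (dt - UNIX_EPOCH) // timedelta(microseconds=1) * 10 + FILETIME_EPOCH_DELTA


def parse_prefetch(data):
    """Return executable name, hash, run times, run count and loaded files from a .pf image."""
    if data[:3] == b"MAM":
        raise ValueError("compressed (Windows 10+) prefetch file: decompress with LZXPRESS Huffman first")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA":
        raise ValueError("not a prefetch file (missing SCCA signature)")
    if version not in FILE_INFO_LAYOUT:
        raise ValueError("unsupported prefetch format version %d" % version)
    # 60 bytes of UTF-16LE at 0x10 hold the NUL-terminated executable name.
    exe_name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]  # same hash as in the NAME-HASH.pf filename
    info = 0x54
    ts_off, ts_count, rc_off, _ = FILE_INFO_LAYOUT[version]
    strings_off, strings_size = struct.unpack_from("<II", data, info + 16)
    run_times = []
    for i in range(ts_count):
        ft = struct.unpack_from("<Q", data, info + ts_off + 8 * i)[0]
        if ft:  # unused slots in the Windows 8 array are zero
            run_times.append(filetime_to_datetime(ft))
    run_count = struct.unpack_from("<I", data, info + rc_off)[0]
    # The filename strings section is a run of NUL-terminated UTF-16LE device paths.
    raw = data[strings_off:strings_off + strings_size].decode("utf-16-le")
    loaded = [s for s in raw.split("\x00") if s]
    return {
        "version": version,
        "executable": exe_name,
        "hash": "%08X" % pf_hash,
        "last_run_times": run_times,  # most recent first
        "run_count": run_count,
        "loaded_files": loaded,
    }


def suspicious_loads(loaded_files):
    """Heuristic (assumption): flag loaded modules that live under user-writable directories."""
    return [p for p in loaded_files if any(d in p.upper() for d in SUSPICIOUS_DIRS)]


def build_sample_prefetch():
    """Construct a fake version-26 prefetch image; nothing here was captured from a real system."""
    loaded = [
        "\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
        "\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
        "\\DEVICE\\HARDDISKVOLUME2\\USERS\\ALICE\\APPDATA\\LOCAL\\TEMP\\UPDATE.DLL",
    ]
    strings_blob = "".join(p + "\x00" for p in loaded).encode("utf-16-le")
    info = bytearray(224)
    strings_off = 0x54 + len(info)
    struct.pack_into("<II", info, 16, strings_off, len(strings_blob))
    runs = [
        datetime(2015, 3, 14, 9, 26, 53, tzinfo=timezone.utc),
        datetime(2015, 3, 12, 18, 0, 0, tzinfo=timezone.utc),
        datetime(2015, 3, 10, 7, 30, 0, tzinfo=timezone.utc),
    ]
    for i, dt in enumerate(runs):
        struct.pack_into("<Q", info, 44 + 8 * i, datetime_to_filetime(dt))
    struct.pack_into("<I", info, 124, len(runs))
    header = struct.pack("<I4sII", 26, b"SCCA", 0x11, strings_off + len(strings_blob))
    header += "UPDATER.EXE".encode("utf-16-le").ljust(60, b"\x00")
    header += struct.pack("<II", 0x1A2B3C4D, 0)  # arbitrary hash value for the sample, then flags
    return bytes(header) + bytes(info) + strings_blob


if __name__ == "__main__":
    record = parse_prefetch(build_sample_prefetch())
    print(record["executable"], record["hash"], "runs:", record["run_count"])
    for t in record["last_run_times"]:
        print("  ran at", t.isoformat())
    for p in suspicious_loads(record["loaded_files"]):
        print("  loaded from user-writable path:", p)
```

On a real system you would read every `C:\Windows\Prefetch\*.pf` into `parse_prefetch` and sort by the most recent run time; the .pf file's own filesystem creation time is what analysts use as the "first run" approximation, since the format itself only stores the last run(s) and a counter.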


[1 Points] xeddmc:

Like /u/intense_feel said, I would do a total wipe. I would even go as far as to use DBAN to securely wipe your HDD before the reinstall. Being part of a malicious botnet is no fun, and could put your IP on the radar, jeopardizing OpSec.


[0 Points] None:

[deleted]


[0 Points] Oldwisewoman:

It means DoctorClu is still up to his old tricks from da slammer... and YOU, my friend, are a pawn in the larger game being played by this Anonymous hacker shot-caller.


[-7 Points] YOUREfuckingSTUPIDM8:

There is absolutely no case where an ISP would have you 'press a button' to reactivate your internet. Stop being so fucking stupid.