AT&T thinks IRC is malware
I logged into my att.net email account today…
I don’t do that very often since ISP email is a trap that makes it harder to leave that ISP. But that’s where they send account notices and the address I use for situations where I might be spammed and they won’t take a disposable address such as Mailinator.
What’s the first thing I see? A stack of warnings under the subject line WARNING NOTICE from AT&T Internet Services Security Center.
Likely the only reasons this didn’t get sucked up by a phishing filter are that it’s an AT&T email address and that Yahoo’s (it uses Yahoo Mail) mail filter is a joke. If I had set this to forward to the much superior GMX mail that I use often, I probably would never have seen it.
I suspected this was a phishing scam (subjects like these usually are), but clicking on it anyway revealed this:
Wed, June 1, 2011 7:41:20 AM
WARNING NOTICE from AT&T Internet Services Security Center
From: AT&T Internet Services Security Center <abuse@att.net>
To: Removed
IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”
We have evidence which indicates that a computer accessing the Internet via your Internet connection may be infected with malicious software such as a virus or worm.
By now I’m thinking “Are you shitting me?” First off, I don’t use Windows or Mac, so the chances of this being a worm are beyond remote. Secondly, I do use XChat for IRC, daily, and have for years.
The message goes on to state… (notes from me in bold)
IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.
IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots. (Or it could indicate I am using SSL on port 7070 to avoid spying from ISPs that cooperate with Federal acronyms with no warrant and do other creepy things I don’t want to think about. I use SSL on XMPP too, is this malware?)
We realize that in some cases this may be normal activity if you are running an IRC server (client), but in order to protect yourself and others, we recommend that you scan every system that utilizes your internet connection with up to date Anti-virus software. (No thanks)
To address this problem, and in accordance with the terms of service and acceptable use policy of your service agreement, we ask that you immediately take the following steps to secure your network: (Fuck you)
1. If your computer(s) are managed by an Information Technology (IT) group at your place of work, then contact them immediately.
2. AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity. (link removed)
3. If your computer(s) are personally owned, then update the security software on your system (follow the instructions on your vendor’s website). You might also consider installing new security software such as AT&T Security Suite. (link to rebadged McAfee crapware removed) (You must be logged in with the Master Account ID to download AT&T Security Suite).
4. If you are an advanced user (Probably more so than most of your mouth breathing employees), then consider reimaging your computer(s) and installing the necessary software patches. (As unwarranted as your collaboration with Federal searches against your users) For less advanced users, this can be done by a third party such as AT&T Connect Tech.(link to ~$200 an hour monkeys that rip off the terminally stupid Windows users) AT&T Computer consultants trained to clean infected machines (There’s training for that? Victimizing Morons 101?) might also be located in your area (you can search at self-serving reference removed).
5. In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: “I am taking steps to address this infection.” (Can it be an acknowledgment that you can go sodomize yourself with a lead pipe?) When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. (BWAHAHAHAHAHAHAAAAAAAA! *DIES LAUGHING*) We welcome feedback on what removal tools or method were used. (Chewing gum and Popsicle sticks)
The message concludes with a bunch of links to Microsoft’s “Security Essentials” and such. Trusting the maker of the defective operating system to secure it? No thanks. I’d rather be safe and happy on Fedora….
My replies to AT&T: (The first one was when I was fuming)
Dear Morons,
Internet Relay Chat is a chat protocol, I am not using Windows or Mac OS because I am not a retard. I know what a botnet is, and I know I don’t have one. Please kindly stop sending me this nonsense.
PS: If I get one more of these I’m going to find out whose idea it was to crapflood my mailbox, and rip their head off and shit down their throat. No, seriously. How can you people be so stupid? Do you ever just stop to think that people use IRC for legitimate purposes or may use a non-Windows non-Mac OS operating system which isn’t plagued by this kind of crap to begin with?
By the way, I’d like whatever I’ve been paying you for Norton or McAfee or whatever related bloated uselessware refunded if that’s possible, since I have no possible use for it. Would that be cool? I’d love to have the mandatory Windows antivirus tax returned to me at your earliest convenience.
Have a wonderful day.
————————————————————————–
Then I noticed another warning about IRC in my box and sent this…quoting part of their form letter.
“In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: “I am taking steps to address this infection.” When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. We welcome feedback on what removal tools or method were used.”
Dear DMCAT&T,
I have taken steps to remove the Microsoft Windows infection, I formatted my hard disk and installed GNU/Linux. I suggest you add this to your recommendations as a way to solve Windows malware problems permanently.
I sincerely appreciate your concerns for my safety. I apologize for my brash email when I saw these notices yesterday as my brain can only handle so much stupidity before shutting down and causing me to go insane.
PS: If you’re going to discriminate against open standards like IRC, why don’t you pick on proprietary crapware like Windows Live Messenger and Yahoo Messenger, the most heavily spammed protocols that I am aware of. It’s also common for users of these networks to be sent malware by hijacked client software of those on their friends list, or sometimes through advertisements hosted by Microsoft themselves. I also speak entirely of my own observation that these services are favored by pedophiles since To Catch A Predator with Chris Hansen always seems to use them to lure 400 pound kiddie diddlers with.
As much as I love your work on behalf of the various cartel organizations to spread FUD about open standards, and censoring the web voluntarily at MAFIAA request, I may have to start searching for another ISP soon since you are making me a “sad panda”.
In closing, I would like to request that you permanently cease sending me pointless notifications like this as they will probably lead to more mocking of your stupid and senseless policies.
Thank you for your consideration.
I got a similar email. I think it’s a phishing email. http://forums.att.com/t5/Security/WARNING-NOTICE-from-AT-amp-T-Internet-Services-Security-Center/td-p/2527537
The email one is a phishing scam but the IRC warning is a new fad for AT&T.
I happen to be an IRC user since 1992 and have had AT&T DSL since around 2000 (Bellsouth at the time.)
3 days ago, I get the warning about the IRC traffic, however, they were not so kind as to say it may be normal if… no, not at all. This is what I received:
——-
IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”
Our investigation shows that the following IP was assigned to your log-on session at the indicated time and was using IRC connections to a computer network which is possibly a Botnet.
Date: (UTC) => Your IP:
2011-10-04 00:14:49 => 98.64.196.97
IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.
IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.
IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.
IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots.
Although the activity is likely unintentional, it is still in violation of AT&T’s Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to: http://www.corp.att.com/aup/
How To Fix the Issue
To address this issue, and in accordance with the AT&T Terms of Service and AT&T Acceptable Use Policy of your service agreement, we ask that you immediately take the following steps to secure your network:
1. If your computer(s) are personally owned:
A. You can update the security software on your system (please follow the instructions on your vendor’s website).
B. You might also consider installing new security software such as AT&T Security Suite that can be found at: http://www.att.net/iss (You must be logged in with the Master Account ID to download AT&T Security Suite).
2. If you are an advanced user, then consider reimaging your computer(s) and installing the necessary software patches.
3. Prefer to let an AT&T expert clean your infected PC? With AT&T Support Plus, get around the clock online and phone support for PC software, virus, security and performance related issues. It’s like having your own personal help desk. To learn more visit http://www.att.com/connectechsecurity
In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: “I am taking steps to address this infection.” When we receive such an acknowledgment, we can maintain the high quality of service you expect from us.
Assistance For Business Customers
If your computer(s) are managed by an Information Technology (IT) group at your place of work, then please contact them immediately.
Regards,
AT&T Internet Services Security Center
abuse@att.net
———-
Notice the change in the possibly normal activity to “Although the activity is likely unintentional, it is still in violation of AT&T’s Acceptable Use Policy. To review the AT&T Acceptable Use Policy, go to: http://www.corp.att.com/aup/”? Nowhere in the AUP do I find anything about IRC.
Yes, they are idiots. I know, I worked for them for 32 years, 32 frustrating years of dealing with their corporate bullshit and the idiots you have mentioned in your post. They have no clue about internet. If you knew how paranoid they are about everything internet and how ridiculous and useless many of their “Security practices” are, you’d probably piss yourself laughing.
With me, this was the last straw for AT&T. I don’t have any other service by them except DSL (and I’m an ex employee, what does that tell you?).
Cable internet is being installed on Sunday, AT&T DSL will be disconnected Monday.
Thanks for your post, it made me laugh so hard, I cried.
Ana
If you are an advanced user, please delete this message then hunt us down and castrate us so we don’t reproduce. Too harsh?
LOL!
I thought later today, they just may be using it to drum up revenue via their technical support team. This would not be unusual for a corporation of their size.
I ran into a similar situation with Network Solutions VPS servers. Sure, it runs linux, but what they don’t tell you is that it is 6 year old Red Hat kernel linux with no yum installed. When you call them about it, they refer you to their signature technical support at $100 an hour.
I don’t think so.