AT&T thinks IRC is malware

I logged into my att.net email account today…

I don’t do that very often since ISP email is a trap that makes it harder to leave that ISP. But that’s where they send account notices and the address I use for situations where I might be spammed and they won’t take a disposable address such as Mailinator.

What’s the first thing I see? A stack of warnings under the subject line WARNING NOTICE from AT&T Internet Services Security Center.

Likely the only reasons this didn’t get sucked up by a phishing filter is because it’s an AT&T email address and because Yahoo’s (it uses Yahoo Mail) mail filter is a joke. If I had set this to forward to the much superior GMX mail that I use often, I probably would never have seen it.

Suspecting this was a phishing scam (subjects like these usually are), but clicking on it anyway revealed this..

Wed, June 1, 2011 7:41:20 AM

WARNING NOTICE from AT&T Internet Services Security Center

From:	AT&T Internet Services Security Center <abuse@att.net>
To:	Removed

---

IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security Center -“IRC Traffic Detected”

We have evidence which indicates that a computer accessing the Internet via your Internet connection may be infected with malicious software such as a virus or worm.

By now I’m thinking “Are you shitting me?” First off, I don’t use Windows or Mac, so the chances if this being a worm are beyond remote. Secondly, I do use XChat for IRC, daily, and have for years.

The message goes on to state… (notes from me in bold)

IRC Botnet infected systems commonly send or receive commands that can SPAM email, spread malicious software, and perpetrate identity theft.

IRC traffic on ports other than those normally used by IRC can be an indication of backdoor trojans or bots. (Or it could indicate I am using SSL on port 7070 to avoid spying from ISPs that cooperate with Federal acronyms with no warrant and do other creepy things I don’t want to think about. I use SSL on XMPP too, is this malware?)

We realize that in some cases this may be normal activity if you are running an IRC server (client), but in order to protect yourself and others, we recommend that you scan every system that utilizes your internet connection with up to date Anti-virus software. (No thanks)

To address this problem, and in accordance with the terms of service and acceptable use policy of your service agreement, we ask that you immediately take the following steps to secure your network: (Fuck you)

1.    If your computer(s) are managed by an Information Technology (IT) group at your place of work, then contact them immediately.

2.    AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity. (link removed)

3.    If your computer(s) are personally owned, then update the security software on your system (follow the instructions on your vendor’s website). You might also consider installing new security software such as AT&T Security Suite. (link to rebadged McAfee crapware removed) (You must be logged in with the Master Account ID to download AT&T Security Suite).

4.    If you are an advanced user (Probably more so than most of your mouth breathing employees), then consider reimaging your computer(s) and installing the necessary software patches. (As unwarranted as your collaboration with Federal searches against your users) For less advanced users, this can be done by a third party such as AT&T Connect Tech.(link to ~$200 an hour monkeys that rip off the terminally stupid Windows users) AT&T Computer consultants trained to clean infected machines (There’s training for that? Victimizing Morons 101?) might also be located in your area (you can search at self-serving reference removed).

5.    In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: “I am taking steps to address this infection.” (Can it be an acknowledgment that you can go sodomize yourself with a lead pipe?) When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. (BWAHAHAHAHAHAHAAAAAAAA! *DIES LAUGHING*) We welcome feedback on what removal tools or method were used. (Chewing gum and Popsicle sticks)

The message concludes with a bunch of links to Microsoft’s “Security Essentials” and such. Trusting the maker of the defective operating system to secure it? No thanks. I’d rather be safe and happy on Fedora….

My replies to AT&T: (The first one was when I was fuming)

Dear Morons,

Internet Relay Chat is a chat protocol, I am not using Windows or Mac OS because I am not a retard. I know what a botnet is, and I know I don’t have one. Please kindly stop sending me this nonsense.

PS: If I get one more of these I’m going to find out whose idea it was to crapflood my mailbox, and rip their head off and shit down their throat. No seriously. how can you people be so stupid? Do you ever just stop to think that people use IRC for legitimate purposes or may use a non-Windows non-Mac OS operating system which isn’t plagued by this kind of crap to begin with?

By the way, I’d like whatever I’ve been paying you for Norton or McAfee or whatever related bloated uselessware refunded if that’s possible, since I have no possible use for it. Would that be cool? I’d love to have the mandatory Windows antivirus tax returned to me at your earliest convenience.

Have a wonderful day.

————————————————————————–

Then I noticed another warning about IRC in my box and sent this…quoting part of their form letter.
“In all cases, please respond by forwarding this email to: abuse@att.net with an acknowledgment of: “I am taking steps to address this infection.” When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. We welcome feedback on what removal tools or method were used.”

Dear DMCAT&T,

I have taken steps to remove the Microsoft Windows infection, I formatted my hard disk and installed GNU/Linux. I suggest you add this to your recommendations as a way to solve Windows malware problems permanently.

I sincerely appreciate your concerns for my safety. I apologize for my brash email when I saw these notices yesterday as my brain can only handle so much stupidity before shutting down and causing me to go insane.

PS: If you’re going to discriminate against open standards like IRC, why don’t you pick on proprietary crapware like Windows Live Messenger and Yahoo Messenger, the most heavily spammed protocols that I am aware of. It’s also common for users of these networks to be sent malware by hijacked client software of those on their friends list, or sometimes through advertisements hosted by Microsoft themselves. I also speak entrely of my own observation that these services are favored by pedophiles since To Catch A Predator with Chris Hanson always seems to use them to lure 400 pound kiddie diddlers with.

As much as I love your work on behalf of the various cartel organizations to spread FUD about open standards, and censoring the web voluntarily at MAFIAA request, I may have to start searching for another ISP soon since you are making me a “sad panda”.

In closing, I would like to request that you permanently cease sending me pointless notifications like this as they will probably lead to more mocking of your stupid and senseless policies.

Thank you for your consideration.