I have been receiving warnings from my internet provider for a month now. This is part of the latest e-mail sent to me.
"CenturyLink Security Services has received notification about malicious traffic
originating from this account. This means that this computer or another
computer on your network is trying to infect, attack, or gain unauthorized
access to other computers on the Internet.This malicious traffic has been determined to be an instance of the "Mebroot"
or "Torpig" virus.Computers infected with bots are considered compromised hosts. They may be used
to send spam (also called Unsolicited Bulk Email, or UBE), scan other computers
for vulnerabilities, take advantage of security holes, and/or be used as part
of Distributed Denial of Service (DDoS) attacks. These programs also allow
computers used by attackers or spammers to hide their identity and location.
These bots are often spread by viruses or worms."
I have changed the password 6 times. I even went to my mac store only to have them tell me that what CenturyLink says is impossible. This morning I ran a first aid "verify permissions" and found the following on my "Fugi… and HD options
Warning: SUID file "usr/sbin/vpnd" has been modified and will not be repaired.
ACL found but not expected on "Applications/Utilities".
I am at my wit's end on this matter. Is there anything I can do to fix the problem?
Best Answer
The malware may be transmissible by macs, it's uncertain. Regardless, you might, in addition to checking DHCP:
Ensure that your search domains in Directory Utility are not set to "Automatic", which will leave you open to rogue DHCP servers on your network.
Consider arpsniff or ArpSpyX or some modern equivalent. Those rogues would gain access possibly via ARP poisoning ( google that)
Little Snitch or some other application firewall would be useful here as well.
Turn off Xgrid, in fact, turn off sharing unless you are using it.