No, not that kind!
I received an e-mail from my ISP last night:
“[We have] identified that one or more of the computers behind your cable modem are likely infected with the Zeus Trojan/bot, also known as Zbot.
While this malicious software is not new, it still poses a great risk to your computer and files that reside on your hard drive.
Zeus malware uses keylogging in order to access user names and passwords and infected over 13 million computers worldwide.
We recommend you take the following action:”
This letter reeks of a phishing scheme, so I went to their website and looked up the support page they linked to in the letter (I didn’t click on their link, I searched for it on their site). That part was legit, so I pressed on.
To me, their letter suggests that one or more of the computers in my home network is infected and that they detected network traffic going back to the command/control server associated with this bot. So, I got to work. I started by scanning the four active systems on my network. Then I started digging through the network logs for unusual activity. Several hours later... nothing. No evidence. Nada. Zip.
So I contact them first thing this morning. I figured they have seen network activity that indicates an infection and that it is somehow slipping through the logs or I’m not recognizing it for what it is. I start with an online chat. I ask them to take a look at their logs and see if there’s been any activity in the last 12 hours. They tell me to install their version of Norton Anti-virus. I tell them I already have anti-virus tools and don’t need their version. They insist. I say no. They ask me to call instead of chat.
So I called.
I spoke with a tech and explained the situation. I asked her to take a look at the logs. She asked me to install their anti-virus software. What? No. I already have what I need. I ask what they saw in the network traffic to indicate that one of my systems is infected. She says that they haven’t detected anything coming out of my network. I ask what prompted them to send that e-mail. It’s pretty clear from the wording that something “behind” my cable modem is showing signs of being infected.
What they meant by “behind” my cable modem is their network, not mine. They have NO evidence that anything in my network is infected. That’s a relief! But what is going on here?
It turns out that they are just fishing, trying to get their subscribers to install some protection. Laudable goal, terrible implementation.
I decided to rewrite their letter for them. Here’s how I think it should go:
We have a number of subscribers who have not installed any form of anti-virus software and have detected activity from the Zeus Trojan/bot, also known as Zbot, on our network.
While this malicious software is not new, it still poses a great risk to your computer and files that reside on your hard drive if your system is not protected. To protect our customers and our network, we provide free anti-virus software which you can download at the links below.
This makes it clear that the ISP’s network is compromised and that subscribers have access to free tools to protect themselves.
Watch out, Oppo. They’re watching you.