Is my MBP infected with Conficker?!

Discussion in 'Mac Basics and Help' started by doubledee, Feb 10, 2015.

  1. doubledee macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #1
    A System Administrator just informed me that the reason I could not access a server is that my IP has been blacklisted.

    He gave me a link to the site http://cbl.abuseat.org that says...

    Is my MacBookPro infected???? :eek:


    Right now I want to SHOOT AT&T for selling me a hotspot with a bad IP address.

    I sure as hell hope that I don't have some Russian rootkit now installed on my laptop... :(

    Please help!!!

    Sincerely,


    Debbie
     
  2. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #2
    Almost all Internet connections use a temporarily assigned (dynamic) IP address.

    Per the message you quoted, the last activity was seen 3+ days ago.

    So either your Mac (or another device using the same Internet connection as your Mac) was infected and now isn't, or you happened to be recently assigned an IP address that has been blacklisted based on the behavior of whoever had it before you.
     
  3. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #3
    The System Admin sent me that message based on my AT&T Hotspot's IP address (versus my MacBook Pro's IP address).

    I don't think a hotspot can get infected, right?

    And I also thought Macs couldn't catch viruses or malware? (Isn't that still true?) :(


    The way that message reads to me, it says my MBP is infected with Conficker...

    :(


    Debbie

    ----------

    I didn't notice, but there is quite a bit more to the message than I originally posted!!

    Here is some more - without links - of the message...
     
  4. Nermal Moderator

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #4
    Most mobile providers use dynamic IP addresses. Someone else would've had that IP address three days ago, and they're the one that's infected.

    http://checkip.dyndns.org can be used to determine your current public IP address. If you disconnect and reconnect then it'll likely change (although you may need to stay disconnected for a certain period before it changes).
     
  5. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #5
    Nope, my hotspot has a static IP.

    So how does that change your view of things?


    Debbie
     
  6. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #6
    Conficker doesn't affect Macs. Does your hotspot have a wifi password?
     
  7. DeltaMac macrumors 604

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #7
    Yes, there is malware that attacks OS X - although it is quite limited in scope.
    However, Conficker affects Windows systems. It cannot affect your Mac and OS X - unless you are running Windows on your Mac. If you use Windows, installed via Boot Camp, then you should protect that system, while you are booted to Windows.
    I doubt that it is possible for Conficker to "broadcast" from a Mac running OS X.
    But, it seems more likely that your Mac is simply the target of some kind of IP spoof, which could involve Conficker somewhere on the same network that you connect with - and you are just the unfortunate pawn.
     
  8. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #8
    That's because your Hotspot acts as a router. Any device using it to connect to the Internet will be seen as having exactly the same IP address as the Hotspot.

    I'm amazed that your Hotspot has a static IP address. That's usually a very expensive option only offered on business-class connections.
     
  9. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #9
    Yes, I have a secure password I use to log in to my hotspot.


    Debbie

    ----------

    I'm no telephony expert, but Hotspots have a SIM card which in turn has one IP associated with it - just like a cellphone. So I believe that is the standard...


    Debbie
     
  10. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #10
    I stand corrected - the IP on my hotspot is NOT static after all.

    If I reboot my computer or turn off the wifi adapter it stays the same. It is only when I turn off the hotspot for a few minutes that it changes, and thus why I thought it was static.

    I guess that is good news because it is more likely that another user was the one infected, or spamming.

    Still sucks that I pay every month for a bad IP address... :(

    (Is this a common problem in this day and age?)


    Debbie
     
  11. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #11
    There are two sets of IP addresses in play.

    Your hotspot (which acts as a Wi-Fi router) will give a private IP address to any device that you join to the Wi-Fi network, such as your MBP. Private IP addresses often times start with 192.168.x.x, and they're unique only to your network. For example, your Hotspot may assign 192.168.1.10 to your MBP, 192.168.1.11 to your iPhone, 192.168.1.12 to your AppleTV, etc.

    Private IP addresses are not globally unique. My router may assign a private IP address of 192.168.1.12 to my MBP, 192.168.1.11 to my roommate's Windows PC, etc.

    Same with virtually everyone who accesses the Internet from home/small businesses. I'd guess that almost all of them have 192.168.x.x IP addresses for their equipment.

    Your router (Hotspot) also has one public IP address. This IP is truly unique -- nobody else anywhere should have that IP address. Any time that your MBP (or any device you've configured to use your Hotspot) uses the Internet, when the data passes through the Hotspot, the Hotspot changes the IP address from the private 192.168.x.x IP address over to the public address. Even if you have multiple devices using your Hotspot at the same time, to servers on the Internet, each one of those devices will look like one IP address (the public one of your Hotspot).

    So the private IP address that your Hotspot gives your MBP isn't the issue here. It's likely 192.168.x.x something, and nobody on the Internet is aware of that address. They only see the public IP address of your Hotspot (which from your first post appears to be 166.137.xxx.yyy).

    In terms of the issue you're seeing, it's your Hotspot's public IP address that has been blocked. Not your MBP's private IP address.

    When it comes to Hotspots, it's been my experience that the public IP address is also not static. Similar to how when you turn off your Hotspot for a few minutes, your Hotspot gives your MBP a new/different private IP address, most Hotspots are given new/different public IP addresses by their provider (AT&T, in your case). Public IP addresses often times stick around for days/weeks, sometimes months, before they change, but there's usually a way within the Hotspot itself to release the current public IP address and request another one. How you do that varies by model. So in that sense, it is somewhat unusual to be stuck with a "bad IP" address permanently.
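
The private/public split described in post #11, together with the way an IP blocklist is conventionally queried over DNS, as an added example that is not part of the original thread. The zone `dnsbl.example`, the 203.0.113.x addresses and `stub_resolver` are constructed placeholders; the reversed-octet query name and the 127.0.0.0/8 "listed" answer are the usual DNSBL convention, assumed here rather than taken from the page.

```python
import ipaddress
import socket

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range: addresses
# a router hands out internally, never visible to servers on the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # conventional "listed" answers


def is_internal(addr):
    """True for an address that only exists behind a NAT router."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def dnsbl_name(addr, zone):
    """Build the DNSBL query name: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check(addr, zone, resolve=socket.gethostbyname):
    """Return 'internal', 'listed', 'not listed' or 'unexpected answer'."""
    if is_internal(addr):
        return "internal"  # a blocklist can only ever hold the public address
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_name(addr, zone)))
    except socket.gaierror:
        return "not listed"  # no record (a resolver failure looks the same)
    return "listed" if answer in LISTED_NET else "unexpected answer"


# Constructed stub standing in for DNS so the example runs offline.
def stub_resolver(name):
    if name == "7.113.0.203.dnsbl.example":
        return "127.0.0.2"
    raise socket.gaierror("no such name")


if __name__ == "__main__":
    for ip in ("192.168.1.10", "203.0.113.7", "203.0.113.8"):
        print(ip, "->", check(ip, "dnsbl.example", resolve=stub_resolver))
```

Every device behind the same hotspot shares the one public address, so a listing says nothing about which device, or which earlier holder of that address, caused it.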
     
  12. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #12
    Right, I found that out on Tuesday.


    The IP for my hotspot changes - as you said - when I power up, however the problem is that AT&T has entire ranges of IP it dynamically assigns to hotspots, and a significant portion of them are blacklisted!!

    So even with a new SIM card and a new dynamic IP, I still got a bounced back e-mail yesterday, and the server I was connecting to for work also blocked me because I had another blacklisted AT&T IP.

    Very frustrating.


    Debbie
     
  13. doynton macrumors 6502

    Joined:
    Oct 19, 2014
    #13
    Yes but my external IP (which is dynamic) has not changed in 5 years and I've had the router turned off for weeks on end when I go on holiday. It depends completely on your ISP if and when they change it.
     
  14. DeltaMac macrumors 604

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #14
    So, if the problem is your "AT&T hotspot", and it causes problems with the network where you need to connect... Then -
    Replace your hotspot.
    If you need to stay with AT&T, there must be other options for hotspots that AT&T should be able to help you with?
    Have you told AT&T tech support about your blacklisting problems? If the bad IPs reported are within the range that THEY provide, then seems possible that they already know (??), and they may have another solution that doesn't leave you floundering around, looking for help.
     
  15. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #15
    I already got a new SIM card. Same issues...


    It's another large American telecom company - there is no help!


    Yep, and they were supposed to get back to me with a resolution and never did.


    I have determined that AT&T doesn't give a ****.

    The better solution it seems is to get a VPN with a dedicated IP, which I am looking into.

    But as far as providers go, AT&T, Verizon, T-Mobile, etc are all a monopoly that no one will change anytime soon. :rolleyes:


    Debbie
     
  16. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #16
    Sure, there's that.

    And then there's understanding the problem and realizing that there really isn't all that much ANY Internet provider (from mom-and-pop rural shops, up to the mega corps) can do about this issue, other than monitor all of their customers' data being sent through their network, and hopefully shutting down a customer who has a virus on their PC that's sending crap across the Internet before the third-party companies that run the blacklists notice that infected customer.

    Based on your previous posts relating to privacy, I didn't think you'd like an Internet provider sniffing all of the data you send, although that seems like the only real way to resolve this issue.
     
  17. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #17
    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
    Your Mac cannot be infected with the Conficker worm because Conficker only runs on Windows. It cannot execute on or in any way affect your Mac.
     
  18. doubledee thread starter macrumors 6502

    Joined:
    May 14, 2012
    Location:
    Arizona
    #18
    I'm not sure what the answer is, but it does seem to me that if IP xxx.yyy.zzz.aaa was marked as having a virus (e.g. Conficker) or being a spammer - and thus gets put in a Spam database - then AT&T shouldn't be giving it to customers for their use!

    I pay $60-$75/month for my hotspot, and as part of that, I shouldn't get e-mails bounced back saying my IP is blacklisted, nor should I have issues logging into a server because the IP they gave me is in some spam database.

    Would you give your customers dirty utensils if you ran a restaurant?

    It would also seem that IT should catch up with the 20th century and start using IPv6 so there are tons of free IP addresses, and ones marked as spammers or infected users could be "decommissioned" indefinitely, versus recycling dirty IPs.

    Anytime AT&T or Verizon is involved in anything, it is a fubar - and a corrupt one at that!


    Debbie
     
