Zombie computer?
November 11, 2011 12:58 AM

Apparently my laptop is a zombie. Do I need to do something about this? Complication: I'm in middle-of-nowhere Russia until next fall.

Lately, certain websites (mostly links I've followed from metafilter) have been giving me the warning that my computer has been compromised by some kind of virus. They direct me to this wikipedia article, and tell me to type a random code in to prove that I'm a real person. I'd include a screenshot of this, but I'm not able to reproduce it right now. I'm pretty sure The Nerdist was one of the sites where this was happening.

I've updated the virus software on my mac (Norton) and run a scan; it didn't find anything. And apart from those warnings, I haven't seen anything that would make me think there's anything wrong. My internet does like to end my connection periodically, but I generally attributed that to the faultiness of my cheap usb modem.

I've got a macbook pro from 2007. To connect to the internet, I use a usb modem from Megafon. Macs are pretty rare in Russia, so I don't have access to an Apple store or anything.

I'm familiar with Deezil's profile, but I don't have easy access to another computer where I can download the programs he recommends.

I'm inclined not to do anything about this, because I'm not sure how to prevent it from happening again and I'm planning on getting a new computer when I leave Russia in the fall.

1. Is there a reason I should be concerned about these warnings and do something about them?
2. If my computer is indeed infected, could that contribute to a slow or temperamental internet connection?
3. In any case, are there precautions I should be taking to protect my computer? I do really need it to keep working for the rest of the year.
4. Is there a better place for me to look for answers to these questions?

I am only marginally computer literate, so please forgive any faulty assumptions I've made here.

Many thanks!
posted by toesock to Computers & Internet (12 answers total)
I'd be happy to put the programmes listed in Deezil's profile onto a CD for you and send it to you. If you'd like me to do this, MeMail me with your address.
posted by essexjan at 1:04 AM on November 11, 2011 [1 favorite]

Deezil's stuff is for infected Windows machines. Are you running Windows or Mac OSX on your MBP?
posted by flabdablet at 1:08 AM on November 11, 2011

Ah, I'm running Mac OSX Leopard (not Snow). I guess Deezil's stuff isn't relevant then. I appreciate the offer though, essexjan!
posted by toesock at 1:11 AM on November 11, 2011

It's entirely possible you're not actually infected with something, and merely behind a NAT that has a lot of other compromised computers on it. Particularly on an ISP in a random place in Russia, and the fact that you're not running Windows.

If you're really worried I suggest backing up all of your data and restoring the system from your original OSX CDs. As far as I know there is no known MBR persistent OSX malware. Even the OSX malware that does exist is pretty easy to remove from the command line.
posted by thewalrus at 1:32 AM on November 11, 2011 [2 favorites]

I agree with thewalrus. Unless you've been naive enough to download and install a fake anti-malware scanner just because some random website told you to, your chances of actual infection are slim to none.

When thewalrus suggests you're "behind a NAT", what he means is that somewhere inside your ISP you're being connected to the wider Internet via a box that does Network Address Translation.

NAT has the effect of making that box and all the computers connecting through it look like a single computer from the Internet's point of view. If a server out there detects suspicious-looking activity coming from the NAT box's IP address, it might well react by serving up warning pages to any subsequent requests from that same address.

tl;dr: The anti-zombie warnings you're getting are probably either fake or triggered by traffic from some other computer using the same ISP as you.
posted by flabdablet at 2:58 AM on November 11, 2011 [1 favorite]
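
The shared-address effect flabdablet describes, as an added example that is not part of any poster's answer. It shows two things: a check for whether the address your modem hands the laptop is one that can only exist behind a NAT box (RFC 1918 private space and the 100.64.0.0/10 carrier-NAT range), and a toy many-to-one NAT in front of a server whose abuse filter is keyed on source IP alone, so one misbehaving neighbour gets an innocent laptop served the "prove you are human" page. All addresses, paths and the threshold are constructed for illustration; the "suspicious" request pattern is an assumption standing in for whatever the real sites look at.

```python
"""Shared-IP reputation: why one abuser behind a carrier NAT gets everyone flagged.

Added example for this thread, not code from any poster. Addresses, request
paths and the abuse threshold are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# RFC 1918 private space plus RFC 6598 shared address space (100.64.0.0/10),
# which carriers commonly hand to subscribers sitting behind a large-scale NAT.
_NAT_SIDE_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")
]


def likely_behind_nat(local_ip: str) -> bool:
    """True if the address the ISP gave the laptop cannot be routed on the
    public Internet, i.e. some NAT box must be translating it on the way out."""
    addr = ipaddress.ip_address(local_ip)
    return any(addr in net for net in _NAT_SIDE_RANGES)


class CarrierNat:
    """Minimal many-to-one NAT: every subscriber leaves with the same public IP."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self._next_port = 40000
        self.table = {}  # (private_ip, private_port) -> public source port

    def translate(self, private_ip: str, private_port: int):
        key = (private_ip, private_port)
        if key not in self.table:
            self.table[key] = self._next_port
            self._next_port += 1
        return self.public_ip, self.table[key]


class ReputationFilter:
    """Server-side check keyed on source IP only. Once an address trips the
    threshold, every later request from it gets the captcha interstitial
    instead of the page, whoever is actually behind that address."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.bad_hits = defaultdict(int)
        self.flagged = set()

    def handle(self, src_ip: str, path: str) -> str:
        if src_ip in self.flagged:
            return "captcha"
        # Constructed 'suspicious' pattern: repeated hits on a login endpoint.
        if path.startswith("/wp-login.php"):
            self.bad_hits[src_ip] += 1
            if self.bad_hits[src_ip] >= self.threshold:
                self.flagged.add(src_ip)
                return "captcha"
        return "page"


def simulate(requests, threshold=3):
    """Run constructed requests through the NAT and the filter; return
    (private_ip, path, verdict) so the collateral damage is visible."""
    nat = CarrierNat("203.0.113.7")  # documentation-range public IP, constructed
    server = ReputationFilter(threshold)
    results = []
    for private_ip, private_port, path in requests:
        public_ip, _ = nat.translate(private_ip, private_port)
        results.append((private_ip, path, server.handle(public_ip, path)))
    return results


# Constructed traffic: 10.44.0.9 is a compromised neighbour hammering a login
# page; 10.44.0.21 is the innocent laptop just reading a blog.
SAMPLE = [
    ("10.44.0.21", 51001, "/"),
    ("10.44.0.9", 50001, "/wp-login.php"),
    ("10.44.0.9", 50002, "/wp-login.php"),
    ("10.44.0.9", 50003, "/wp-login.php"),
    ("10.44.0.21", 51002, "/2011/11/podcast-episode"),
]

if __name__ == "__main__":
    print("behind NAT:", likely_behind_nat("100.72.3.14"))
    for row in simulate(SAMPLE):
        print(row)
```

To use the first check on the Mac, feed `likely_behind_nat` the address shown for the Megafon modem's interface (System Preferences > Network, or `ifconfig` in Terminal). The simulation's last row is the point of the thread: the laptop's second request is answered with the captcha although it did nothing wrong, because the server only ever saw 203.0.113.7.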

By the way, most of the fake anti-malware stuff is not hosted on the web servers you're intentionally connecting to, but by associated advertising servers. The single most effective countermeasure is Adblock Plus, which has the pleasant side effect of making pages load faster and sites look less ugly.
posted by flabdablet at 3:04 AM on November 11, 2011 [1 favorite]

All authors: I am copying and saving this thread to share with Mac users in our environment so that they can stop freaking out daily. Thank you for putting it more eloquently than I do.
posted by halfbuckaroo at 6:06 AM on November 11, 2011 [2 favorites]

There's almost no chance your mac has a virus.

I don't even know what norton checks for on a mac.
posted by empath at 8:23 AM on November 11, 2011 [1 favorite]

empath: I don't even know what norton checks for on a mac.

It checks to ensure that you have received enough terror messages to renew your subscription.
posted by halfbuckaroo at 9:28 AM on November 11, 2011 [5 favorites]

empath: There's almost no chance your mac has a virus.

This is changing today. The popularity of the mac in recent years has made it a target, and malware is being discovered in the wild with payloads for OS X vulnerabilities. This is made even easier for hax0rs since Apple moved from PPC to Intel (no need to learn totally new shellcode techniques).

You could see if it's a false positive by hooking up a different computer to the same internet connection and seeing if you get the same warnings. Best thing to do is to have someone send you the OS discs that came with your Mac, backup your data and reinstall OS X. To be safe you should redownload or reinstall all your applications instead of copying them over.

In any case, I wouldn't be so confident that the Mac is "immune" to viruses anymore. It certainly isn't immune and is in many ways behind Windows in terms of protections (we didn't get real ASLR until 10.7, for example.) It's really only a matter of time now until we start seeing major attacks against OS X...
posted by dis_integration at 10:10 AM on November 11, 2011

The NAT stuff makes a lot of sense. I'm in an area that's actually somewhat known for originating cyber crime, so not surprising at all that the warnings might be referring to another computer. I haven't downloaded anything crazy, so I'll just continue to ignore the warnings.

Thanks everyone! This is a great relief to me, and there wasn't really anyone else I could ask.
posted by toesock at 11:24 AM on November 11, 2011

If your ISP is really cheap and nasty, it's possible that all the computers on your side of their NAT box can talk directly to each other without going through NAT on the way, just as if you were all using a shared WiFi hotspot. And if that's how things are set up, a sufficiently savvy operator on one of those computers might be able to monitor all your network traffic and/or reroute it all through his own box along the way, which would give him the ability to do all kinds of nefarious things including serving you his own social-engineering web pages.

You might care to look into paying a little extra to a trustworthy middleman like StrongVPN. Once you're properly set up with them, all your network traffic is routed via an encrypted tunnel to a StrongVPN server before appearing on the wider Internet, and all any local black-hat will ever get by monitoring your traffic is meaningless random gibberish.

I would be quite interested to find out if using StrongVPN makes all your zombie warnings go away.
posted by flabdablet at 7:41 PM on November 11, 2011
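
A check for the rerouting scenario in the post above, added here and not part of any poster's answer. It assumes the usual way a neighbour on a shared segment pulls your traffic through his own box: ARP cache poisoning, where his machine answers ARP for the gateway's address. The code parses the BSD-style `arp -a` output that Mac OS X prints and flags two tell-tale signs: the gateway's MAC differs from the one recorded when the link was known good, and one MAC is answering for several IP addresses. The `arp -a` lines, addresses and MACs are constructed; the gateway address and its trusted MAC are assumptions you would record yourself.

```python
"""Spotting traffic rerouting on a shared segment from the ARP table.

Added example for this thread, not code from any poster. ARP cache poisoning
is assumed as the rerouting technique; the 'arp -a' text and all MAC/IP
values are constructed.
"""
import re
from collections import defaultdict

# macOS/BSD 'arp -a' line, e.g.:
#   ? (10.44.0.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
_ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+|\(incomplete\))"
)


def normalize_mac(mac: str) -> str:
    """BSD prints MAC octets without zero padding (0:1a:...); pad and
    lowercase so entries compare reliably."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))


def parse_arp(output: str) -> dict:
    """Return {ip: mac} from 'arp -a' text, skipping incomplete entries."""
    table = {}
    for line in output.splitlines():
        m = _ARP_LINE.search(line)
        if m and m.group("mac") != "(incomplete)":
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table


def arp_anomalies(table: dict, gateway_ip: str, known_gateway_mac: str) -> list:
    """Return findings that suggest a neighbour is impersonating the gateway:
    1. the gateway's MAC no longer matches the one recorded on a clean link;
    2. a single MAC claims more than one IP (attacker answering for the
       gateway and for victims at the same time)."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac and gw_mac != normalize_mac(known_gateway_mac):
        findings.append(f"gateway {gateway_ip} moved to {gw_mac}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} answers for {sorted(ips)}")
    return findings


# Constructed snapshots of 'arp -a' on a shared segment.
CLEAN = """\
? (10.44.0.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
? (10.44.0.9) at 0:26:bb:11:22:33 on en0 ifscope [ethernet]
? (10.44.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""
POISONED = """\
? (10.44.0.1) at 0:26:bb:11:22:33 on en0 ifscope [ethernet]
? (10.44.0.9) at 0:26:bb:11:22:33 on en0 ifscope [ethernet]
? (10.44.0.37) at (incomplete) on en0 ifscope [ethernet]
"""
GATEWAY = "10.44.0.1"            # assumed gateway address
GATEWAY_MAC = "00:1a:2b:3c:4d:5e"  # assumed MAC recorded on a known-good day

if __name__ == "__main__":
    print("clean:", arp_anomalies(parse_arp(CLEAN), GATEWAY, GATEWAY_MAC))
    print("poisoned:", arp_anomalies(parse_arp(POISONED), GATEWAY, GATEWAY_MAC))
```

Run `arp -a` in Terminal on a day the connection looks healthy, keep the gateway's MAC, and compare later snapshots against it. A VPN tunnel of the kind the post recommends protects the contents of your traffic from such a neighbour, but it does not stop him from sitting in the path, so this check is still worth running alongside it.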
