Hello,
I got a message from my (German) ISP that one of the devices behind my internet connection could be infected with a "virus" called Murofetweekly.
I share my Internet connection with 2 other people. I, personally, only have an Arch-Linux machine and an Android cell phone. Other computers in my network include Win7 and Win10 PCs.
Does anyone know what this Murofetweekly thing is? My research online was not very conclusive. Most of the sites I've found are in German.
Is there a risk of my Arch machine being infected? I doubt it, but I have quite a few AUR packages and get a lot of spam emails. So, there are definitely threats.
Thank you
Searching for the name, I came across the Alias W32/Murofet.A.
This indicates that it is malware for 32-bit Windows systems.
Furthermore, it is designated as a Trojan, not as a virus.
So it would seem most likely that one of the Windows devices is infected with said malware, given that the message from your ISP is authentic and trustworthy.
On a side note, I'd recommend not sharing your private internet connection with third-party members in Germany.
Get some information about "Störerhaftung" and you'll realize that you, as the contracting party with the ISP, are fully responsible for what happens over your internet connection.
Last edited by schard (2020-11-09 07:06:22)
Thanks for the answer.
I put "virus" in quotes as I didn't know what kind of malware or other stuff it was. The text from 1&1 (my German ISP) said virus.
The message from the ISP is trustworthy. I called their support hotline (the number I have in my contract, not the one in the email) and they confirmed this.
It seems that this malware is used to generate pseudo-random domains and aids with the creation of botnets. Therefore the ISPs had an eye on it.
Regarding the "Störerhaftung": I don't share my internet with any 3rd party members. It's family. I couldn't convince them to switch to Linux (yet).
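The post above describes Murofet as generating pseudo-random domains for its botnet. As an added illustration (not from the thread or any of its posters), the script below screens DNS query logs for that kind of random-looking lookup and reports which client behind the router produced them; it assumes a dnsmasq-style log format, and the log lines, addresses, domains and thresholds are constructed heuristics for this example.

```python
import math
import re
from collections import Counter

# Constructed dnsmasq-style query log lines; the 192.168.1.x addresses and
# the domains are made up for this example and are not from the thread.
SAMPLE_LOG = """\
Nov  9 07:01:02 dnsmasq[512]: query[A] www.archlinux.org from 192.168.1.10
Nov  9 07:01:05 dnsmasq[512]: query[A] mail.google.com from 192.168.1.10
Nov  9 07:01:07 dnsmasq[512]: query[A] xkqzvwptrmlqha.com from 192.168.1.23
Nov  9 07:01:08 dnsmasq[512]: query[A] jtbnwfrsqzkpvd.net from 192.168.1.23
Nov  9 07:01:09 dnsmasq[512]: query[A] wqmzrpxvkthfgb.biz from 192.168.1.23
Nov  9 07:01:11 dnsmasq[512]: query[A] update.microsoft.com from 192.168.1.23
Nov  9 07:01:12 dnsmasq[512]: query[A] stackoverflow.com from 192.168.1.10
"""

QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)")
VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the label."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(domain: str) -> bool:
    """Heuristic: long second-level label, few vowels, high entropy."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    sld = labels[-2]  # the part a DGA actually randomises
    if len(sld) < 10:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in sld) / len(sld)
    # Natural-language labels keep a healthy vowel share; random-letter
    # labels have almost none and near-maximal entropy (thresholds are
    # illustrative, not tuned).
    return vowel_ratio < 0.25 and shannon_entropy(sld) > 3.2


def suspicious_clients(log_text: str) -> dict:
    """Map client IP -> number of DGA-looking lookups it issued."""
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and looks_generated(m.group(1)):
            hits[m.group(2)] += 1
    return dict(hits)
```

On the constructed log, only 192.168.1.23 shows up, which is the kind of per-device evidence that narrows an ISP notice down to one machine.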
Ask your ISP what makes them think you are infected with that malware. Without that information it’s hard to determine the cause. It may be a false positive from an IDS that hasn’t been investigated, but blindly passed downstream. It may as well be misidentification of actual malware based on a similar network usage pattern. But in general I agree with schard: it’s most likely the other people.
As for using the term “virus”, the two common explanations:
In communication with a customer, companies often choose words that make it easy for an average recipient to understand the message. Even if that means using wrong terms.
People responsible for mundane tasks related to security are not expected to have even the basic knowledge of the subject.
If the respective devices are all those of family members, I'd just ask them to check them for malware [1] or offer to do it for them.
I'd also check any potential logs on my IAD a.k.a. "router" to see whether any unwanted "guest" devices have been around.
I don't know who's in your household, but there is the possible scenario that the kids shared the family WiFi password with their school friends.
[1] Be sure to perform an offline malware scan, i.e. scan any potentially infected system from a live medium and not from a potentially compromised, installed OS.
Other people's devices are not the issue here. Due to Corona, we don't have guests. Router is WPA2-protected with a (more or less easy to circumvent) MAC filter.
I'm at work today and will check the issue when I get home. Thanks for the answers.
Do you recommend any tools for offline virus checking from a bootable device?
For Windows devices Dr.Web LiveDisk looks good, see https://free.drweb.com/aid_admin/