Botnet warning again

I got a botnet warning this morning. I spent half the day running scanning software on all my computers. Windows Defender, Avast, Malwarebytes Anti-malware, Stinger, and Microsoft Scanning Tools. And found NOTHING!!!

Where are they getting their mis-information? Maybe they should be checking their own software. This is the second time I've gotten mis-information from TWC. Not very happy.

4 REPLIES
Spectrum Employee

Re: Botnet warning again


I could be wrong on this, but from researching into what this "Botnet" message could be I kept finding confirming information (both just via Google searches of other forums and also looking into the TWC's own library of information) that this is probably what's going on.

 

1.  A quick search about Botnet warning revealed this other forum topic (along with other topics on other forums):
http://forums.timewarnercable.com/t5/Connectivity/Botnet-Virus-Activity-browser-message/td-p/1236

2. Is this what you are seeing?
http://subscribermgmt.rr.com/ReasonInfo.aspx?code=Abuse-Autobot

3. If so, it's trying to direct you to here: Abuse: Botnet Notification Program

 

4. The "why" behind this is because computers that are infected (oftentimes used as a zombie computer) will essentially clog up legitimate traffic and thus affect many other neighboring subscribers. Or to quote corporate on this (Last Modified Date: 03/11/2016):


Abuse: Botnet Notification Program
Last Modified Date: 03/11/2016

Summary:

TWC Security Operations is notifying residential customers about the presence of botnet activity from a machine connected to the cable modem.

 

What is a botnet and why are we doing this?

We are aware that the presence of botnets on our network presents a threat to the safety and security of our customers and the integrity of our network.

The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.

Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.

Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals. (source - Microsoft).

 

5. With regards to viruses on customers' computers in general (which isn't what your topic is about from what I can tell, but since you mentioned several different antivirus programs). TWC agents aren't specifically trained to and really shouldn't be doing PC repairs at all. I know the intent is to be helpful, but that'd be like asking your electric utility company for advice on an electrical appliance that is acting up. TWC is your ISP, the internet utility, not PC repair. And yes, in my experience I've seen malware and other viruses get right past ALL of those product names you just listed.

I'm personally more of a fan of Hitman Pro for software removal than trusting McAfee to catch it, but that's my personal professional opinion as an IT guy, not that of TWC, mind you.  

 

6. I'd strongly recommend asking for a forum moderator for help on this to review the notes on your account (can PM them your account number). If this was correct that you've been put into quarantine, that it wasn't a mistake/error, then there'll be (or should be) some automatic notes on the account along with the number that the customer needs to call (and also typically the assigned case worker's first name & extension # is also noted).

Security and Abuse issues are handled by the Enterprise Risk Operations Center (EROC).
The EROC monitors and acts on complaints received by Time Warner Cable. The Toll-free number for this group is (855) 222-7342.
Account notes will typically have the extension of an assigned case worker.
Quarantines are simple to remove from a technical standpoint, but there's some reason they're on there.
For example, the most common quarantine I see is a simple "registration" quarantine for a brand-new TWC customer that directs them to go to registration.rr.com so they can create their free @twc.com email that you get with internet service. Billing quarantines are for non-pay. But abuse quarantines like the one I'm discussing here cannot be undone (or put on in the first place) except by the EROC.
I think I've had maybe only 2 abuse quarantine issue customer contacts while on the job. It's that rare.



Even if the above doesn't apply to you specifically, I wanted to get this information shared as I think it might help with others who have such questions in the future.

My postings on this site are my own, off-the-clock, and don’t necessarily represent TWC’s/Charter's strategies or opinions.
Expert

Re: Botnet warning again

Are you in dense housing with wireless running? Check the log and see if there are unknown devices.

Quarantine them, and also turn off WPS.

 

Browser

Re: Botnet warning again

Yes, I'm getting the same email message saying this. I know for a fact I don't have any BOTs or virus on my system. I don't know what's causing this. I am using Skype for Business Cloud based PBX for phone service; I'm not sure if that's causing problems? I don't really understand... all I get is an email saying they detected a BOT; once they even shut down my modem. What is this BOT?? Could it be my Work VPN?

Re: Botnet warning again

Regarding your reply... #2 & 3 is exactly what I was seeing. As for #5, I didn't care to download what I was being told to download, anti-virus software and Stinger, and Microsoft scanners. I Googled and downloaded what was legitimate. As mentioned, nothing was found.

Last time they claimed I had a problem, they e-mailed me. This time, they took over my computer and it took me several attempts to get rid of that message blocking me. If they want to make it more believable they should have mentioned me by name and account number.