Differences

This shows you the differences between two versions of the page.

en:information_technology:the_zeus_malware_incident [2019-10-25 00:04]
Heikki Siltala
en:information_technology:the_zeus_malware_incident [2019-10-25 00:05] (current)
Heikki Siltala
Line 11: Line 11:
 ===== Symptoms ===== ===== Symptoms =====
  
-I started to have occasional issues with my internet connection. It appeared that the connection sometimes dropped for a while and then started to work again. Resetting the 4G modem or cable modem didn't help and rebooting the computer seemed to help only for a while. I then used tools like ping and it appeared that the network wasn't really down since ping packets traveled fine without issues. I then download [[http://​technet.microsoft.com/​fi-fi/​sysinternals/​bb897437.aspx|TCPView]] to monitor network connections and noticed that [[:en:​information_technology:​opera_tor_malware|Opera browser was behaving badly]]. Opera was listening on TCP port 9050 that is [[https://​www.torproject.org|the Tor port]], there were some active network Tor connections and Opera was causing a massive flooding of TCP connections. So assumably TCP sockets ran out and that caused the network issues.+I started to have occasional issues with my internet connection. It appeared that the connection sometimes dropped for a while and then started to work again. Resetting the 4G modem or cable modem didn't help and rebooting the computer seemed to help only for a while. I then used tools like ping and it appeared that the network wasn't really down since ping packets traveled fine without issues. I then download [[http://​technet.microsoft.com/​fi-fi/​sysinternals/​bb897437.aspx|TCPView]] to monitor network connections and noticed that [[en:​information_technology:​opera_tor_malware|Opera browser was behaving badly]]. Opera was listening on TCP port 9050 that is [[https://​www.torproject.org|the Tor port]], there were some active network Tor connections and Opera was causing a massive flooding of TCP connections. So assumably TCP sockets ran out and that caused the network issues.
  
-As explained [[en:it:​opera_tor_malware|in my earlier text]] running the virus scanners revealed nothing. I was also unable to find anything written about Opera browser attacks using Tor network. I uninstalled Opera and the issue went away. Reinstalling Opera caused the issue to come back. So I didn't know what it was but I decided not to install and use Opera browser anymore.+As explained [[en:information_technology:​opera_tor_malware|in my earlier text]] running the virus scanners revealed nothing. I was also unable to find anything written about Opera browser attacks using Tor network. I uninstalled Opera and the issue went away. Reinstalling Opera caused the issue to come back. So I didn't know what it was but I decided not to install and use Opera browser anymore.
  
 ===== The second wave ===== ===== The second wave =====
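Review bot: In the first changed paragraph the only difference between the - and + sides is the dropped leading colon in the opera_tor_malware link, so the wording problems are carried over unchanged: "I then download" should be "I then downloaded", and "assumably" reads better as "presumably". Since the line is being rewritten anyway, fix both in the same revision. The TCPView link on that line still points at an http:// TechNet URL with the fi-fi locale; an https, locale-neutral link would be safer for readers who follow it to download the tool. "TCP port 9050 that is the Tor port" could also be made precise by calling it Tor's default SOCKS port. In the second paragraph, changing the link namespace from en:it: to en:information_technology: matches the namespace already used in the first paragraph and the page's own path, which looks correct.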