Ask a question
Search in U-verse Forums

U-verse Forums

Reply
Posted Jun 27, 2013
2:42:10 PM
View profile
Warning! Your AT&T Uverse Site ID
AT&T IISS Network Security (netsec@att.net)


For the fastest response, please ensure that you retain the
subject line, and direct all replies to this warning letter
to abuse@att.net.
***********************************************************

IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security
Center -" Unauthorized access scanning detected".



This message is being sent to notify you that we have received
complaints of attempts to gain unauthorized access to a host, server,
network, or private computer that originate from your AT&T Internet
account. It is possible that your computer has been compromised and you
should check for any programs or files on it that you do not recognize.

To address this problem we ask that you immediately take the following
steps to secure your network:

1. If your computer(s) are managed by an Information Technology (IT)
group at your place of work, then contact them immediately.

2. AT&T offers a free online scan tool PC Health Check that will scan
for virus/spyware activity. https://pccheck.att.com/

3. If your computer(s) are personally owned, then update the security
software on your system (follow the instructions on your vendor's
website). You might also consider installing new security software such
as AT&T Security Suite. http://www.att.net/iss (You must be logged in
with the Master Account ID to download AT&T Security Suite).

4. If you are an advanced user, then consider reimaging your
computer(s) and installing the necessary software patches. For less
advanced users, this can be done by a third party such as AT&T Connect
Tech. https://remotesupport.att.com/index.aspx AT&T Computer
consultants trained to clean infected machines might also be located in
your area (you can search at yp.com).

5. In all cases, please respond by forwarding this email to:
abuse@att.net with an acknowledgement of: "I am taking steps to address
this infection." When we receive such an acknowledgment, we can
maintain the high quality of service you expect from us. We welcome
feedback on what removal tools or method were used.

Although the activity is likely unintentional, it is still in violation
of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use
Policy, go to:

http://www.corp.att.com/aup/

Below are some additional sites you can visit for tools or information:

AT&T PC Health Check - Online virus, malware and spyware scan.
https://pccheck.att.com/

Microsoft Systems Anti-virus:
http://www.microsoft.com/security_essentials/

Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx

Apple Systems Anti-virus:
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

We also recommend you run anti-spyware application, like Malwarebytes Anti-Malware or Spybot:
http://malwarebytes.org/mbam.php
http://www.safer-networking.org/en/index.html

Regards,
AT&T Internet Services Security Center
abuse@att.net

SAFETY NOTE: We have included links in this email as a convenience.
Please note that it is always safer to copy and paste URLs included in
email directly into your browser to reach the referenced site.

I just wanted to make sure this was real and not a spam or scam email.
AT&T IISS Network Security (netsec@att.net)


For the fastest response, please ensure that you retain the
subject line, and direct all replies to this warning letter
to abuse@att.net.
***********************************************************

IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services Security
Center -" Unauthorized access scanning detected".



This message is being sent to notify you that we have received
complaints of attempts to gain unauthorized access to a host, server,
network, or private computer that originate from your AT&T Internet
account. It is possible that your computer has been compromised and you
should check for any programs or files on it that you do not recognize.

To address this problem we ask that you immediately take the following
steps to secure your network:

1. If your computer(s) are managed by an Information Technology (IT)
group at your place of work, then contact them immediately.

2. AT&T offers a free online scan tool PC Health Check that will scan
for virus/spyware activity. https://pccheck.att.com/

3. If your computer(s) are personally owned, then update the security
software on your system (follow the instructions on your vendor's
website). You might also consider installing new security software such
as AT&T Security Suite. http://www.att.net/iss (You must be logged in
with the Master Account ID to download AT&T Security Suite).

4. If you are an advanced user, then consider reimaging your
computer(s) and installing the necessary software patches. For less
advanced users, this can be done by a third party such as AT&T Connect
Tech. https://remotesupport.att.com/index.aspx AT&T Computer
consultants trained to clean infected machines might also be located in
your area (you can search at yp.com).

5. In all cases, please respond by forwarding this email to:
abuse@att.net with an acknowledgement of: "I am taking steps to address
this infection." When we receive such an acknowledgment, we can
maintain the high quality of service you expect from us. We welcome
feedback on what removal tools or method were used.

Although the activity is likely unintentional, it is still in violation
of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use
Policy, go to:

http://www.corp.att.com/aup/

Below are some additional sites you can visit for tools or information:

AT&T PC Health Check - Online virus, malware and spyware scan.
https://pccheck.att.com/

Microsoft Systems Anti-virus:
http://www.microsoft.com/security_essentials/

Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx

Apple Systems Anti-virus:
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

We also recommend you run anti-spyware application, like Malwarebytes Anti-Malware or Spybot:
http://malwarebytes.org/mbam.php
http://www.safer-networking.org/en/index.html

Regards,
AT&T Internet Services Security Center
abuse@att.net

SAFETY NOTE: We have included links in this email as a convenience.
Please note that it is always safer to copy and paste URLs included in
email directly into your browser to reach the referenced site.

I just wanted to make sure this was real and not a spam or scam email.

Warning! Your AT&T Uverse Site ID

11,862 views
5 replies
(0) Me too
(0) Me too
Reply
View all replies
(5)
0
(0)
  • Rate this reply
View profile
Jun 27, 2013 5:36:36 PM
0
(0)
ACE - Professor

This is saying that your computer may have spyware on it. I suggest you either attempt to remove it yourself or take your computer to a professional, not your neighbor/friend that's "good with computers", and get it cleaned.

-------

Resident Xbox ACE. Ask me almost anything about Xbox on U-Verse.

Xbox Gamertag: americangame
PSN: americangame
Steam:americangame
When friending me mention that you found me on the AT&T forums.

This is saying that your computer may have spyware on it. I suggest you either attempt to remove it yourself or take your computer to a professional, not your neighbor/friend that's "good with computers", and get it cleaned.

-------

Resident Xbox ACE. Ask me almost anything about Xbox on U-Verse.

Xbox Gamertag: americangame
PSN: americangame
Steam:americangame
When friending me mention that you found me on the AT&T forums.
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Warning! Your AT&T Uverse Site ID

2 of 6 (11,843 Views)
Highlighted
0
(0)
  • Rate this reply
View profile
Jun 28, 2013 6:10:44 AM
0
(0)
ACE - Master

Birdyz wrote:
AT&T IISS Network Security (netsec@att.net)
... 
I just wanted to make sure this was real and not a spam or scam email.

As far as I can see, it looks legit.  Most of the links are secure (https), and they point to AT&T servers (*.att.net).  Someone would have to be doing some mighty fine hacking to spoof security tokens for att.net servers, not to mention DNS lookups, etc.

 

I agree with the other poster, it looks like you have managed to get yourself a bit of malware installed and this is an AT&T warning that they have received a complaint (strike 1 against you).  These types of things can be nasty to remove/clean up so you are best off taking it to a professional, or if that is not really an option for you, consider starting over clean.  Wipe the entire HD, reformat it and re-install from scratch.  I know some "tech advanced people" who feel that the 24-36 hours they lose reinstallign their PC from scratch is less of a problem for them than the time it takes to really clean these buggers out, and they tend to get the extra added benefit of slightly better PC performance because Windows starts to slow down a bit after a year or so due to all the cruft left behind.


Jerry B.
"GeekBoy"

--

For additional help, please send a PM to ATTCustomerCare.

Birdyz wrote:
AT&T IISS Network Security (netsec@att.net)
... 
I just wanted to make sure this was real and not a spam or scam email.

As far as I can see, it looks legit.  Most of the links are secure (https), and they point to AT&T servers (*.att.net).  Someone would have to be doing some mighty fine hacking to spoof security tokens for att.net servers, not to mention DNS lookups, etc.

 

I agree with the other poster, it looks like you have managed to get yourself a bit of malware installed and this is an AT&T warning that they have received a complaint (strike 1 against you).  These types of things can be nasty to remove/clean up so you are best off taking it to a professional, or if that is not really an option for you, consider starting over clean.  Wipe the entire HD, reformat it and re-install from scratch.  I know some "tech advanced people" who feel that the 24-36 hours they lose reinstallign their PC from scratch is less of a problem for them than the time it takes to really clean these buggers out, and they tend to get the extra added benefit of slightly better PC performance because Windows starts to slow down a bit after a year or so due to all the cruft left behind.


Jerry B.
"GeekBoy"

--

For additional help, please send a PM to ATTCustomerCare.

Jerry B.
"GeekBoy"

--

For additional help, please send a PM to ATTCustomerCare.
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Warning! Your AT&T Uverse Site ID

3 of 6 (11,819 Views)
0
(0)
  • Rate this reply
View profile
Jul 29, 2013 4:07:18 PM
0
(0)
Contributor
Edited by Jatf0rum on Jul 29, 2013 at 6:33:05 PM

I also received this email and downloaded the PC Health Check from pccheck.att.net.

 

Ran the scan on the primary laptop I use with no virus/malware reported. It did come back with 2 critical and 2 high alert items.

 

The 2 criticals:

My CD/DVD drive is not set to Autoplay

My system is not set up to Autoplay any external devices connected like USB Flash drives or external hard drives.

 

The 2 high alert:

My Recycle Bin is over 5% the size of my Hard drive.

I forgot the 2nd one.

 

Then after the programs finishes checking your system and provides the results, it will launch a live chat feature where the AT&T rep can help diagnose your reported issues after you provide them with your account information. Which means they cut/pasted what the report said and notified me that an AT&T technician can help me. I told them I had been notified from original email from netsec@att.net and asked if there was a charge involved. AT&T rep repeated that my system was not properly configured and optimized and that this could lead to slow performance and then cut/pasted a response about how the AT&T tech could resolve my issues for a FEE since the "problem" wasn't on the AT&T side.

 

The issues that were reported, did that really need me to have AT&T's technician to resolve?

 

I do have other computers using my home connection and have used up to date virus scans from the big name companies on them with nothing found.

 

At this point it seems like they are looking to generate more business with "the sky is falling" scare.

 

I'll add to this if something else is found...

I also received this email and downloaded the PC Health Check from pccheck.att.net.

 

Ran the scan on the primary laptop I use with no virus/malware reported. It did come back with 2 critical and 2 high alert items.

 

The 2 criticals:

My CD/DVD drive is not set to Autoplay

My system is not set up to Autoplay any external devices connected like USB Flash drives or external hard drives.

 

The 2 high alert:

My Recycle Bin is over 5% the size of my Hard drive.

I forgot the 2nd one.

 

Then after the programs finishes checking your system and provides the results, it will launch a live chat feature where the AT&T rep can help diagnose your reported issues after you provide them with your account information. Which means they cut/pasted what the report said and notified me that an AT&T technician can help me. I told them I had been notified from original email from netsec@att.net and asked if there was a charge involved. AT&T rep repeated that my system was not properly configured and optimized and that this could lead to slow performance and then cut/pasted a response about how the AT&T tech could resolve my issues for a FEE since the "problem" wasn't on the AT&T side.

 

The issues that were reported, did that really need me to have AT&T's technician to resolve?

 

I do have other computers using my home connection and have used up to date virus scans from the big name companies on them with nothing found.

 

At this point it seems like they are looking to generate more business with "the sky is falling" scare.

 

I'll add to this if something else is found...

Re: Warning! Your AT&T Uverse Site ID

[ Edited ]
4 of 6 (11,579 Views)
0
(0)
  • Rate this reply
View profile
Apr 3, 2016 8:25:18 AM
0
(0)
Contributor
Edited by linxany1 on Apr 3, 2016 at 8:34:05 AM

I too got hit with the same email.  We called tech support and they said it didn't come from their site.  I checked with online blogs and other security area's.  The two contradict one another.  Given the problem services and follow ups I have had with ATT over the last 10 years I am more inclined to believe the blogs and other professionals in the security realm.  Below is the email copy I received the ATT claims not to have sent nor willing to resolve.  I did some checking on the Gatway settings that were left by the technician who installed the device and unless a hacker changed them all it was the setting permitted by ATT.  The location listed above is the passthrough to be connected to the CiscoAP Gateway.  Checked all the settings and the WPA security settings were in full force along with the Avast Firewall Securities.  Other checking showed a hijacking through a google redirect malware. 

Malware infection advisory from AT&T Internet Services Security Center

 

AT&T U-verse Site ID: 118244875 R** F****h Billing Acct Ending: ****

 

Dear R** F****h, AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“gozi”) was observed on Mar 16, 2016 at 6:13 PM EDT from the IP address 107.212.52.110. Our records indicate that this IP address was assigned to you at this time. Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware. Because malware is designed to run in secret, an infected computer may display no obvious symptoms. To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

1.     If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.

2.     Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.

Additional tools and information:

Regards, AT&T Internet Services Security Center

Incident details for 107.212.52.110 Type: gozi Source port: 51119 Destination IP: 212.xx.xx.198 Hostname: - Destination port: 80 For security reasons, the destination IP is partially obscured.

DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.

Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.

 

©2005 - 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Privacy Policy (Updated July 24, 2015)

 

 

 

This email has been checked for viruses by Avast antivirus software. www.avast.com

I too got hit with the same email.  We called tech support and they said it didn't come from their site.  I checked with online blogs and other security area's.  The two contradict one another.  Given the problem services and follow ups I have had with ATT over the last 10 years I am more inclined to believe the blogs and other professionals in the security realm.  Below is the email copy I received the ATT claims not to have sent nor willing to resolve.  I did some checking on the Gatway settings that were left by the technician who installed the device and unless a hacker changed them all it was the setting permitted by ATT.  The location listed above is the passthrough to be connected to the CiscoAP Gateway.  Checked all the settings and the WPA security settings were in full force along with the Avast Firewall Securities.  Other checking showed a hijacking through a google redirect malware. 

Malware infection advisory from AT&T Internet Services Security Center

 

AT&T U-verse Site ID: 118244875 R** F****h Billing Acct Ending: ****

 

Dear R** F****h, AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“gozi”) was observed on Mar 16, 2016 at 6:13 PM EDT from the IP address 107.212.52.110. Our records indicate that this IP address was assigned to you at this time. Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware. Because malware is designed to run in secret, an infected computer may display no obvious symptoms. To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

1.     If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.

2.     Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.

Additional tools and information:

Regards, AT&T Internet Services Security Center

Incident details for 107.212.52.110 Type: gozi Source port: 51119 Destination IP: 212.xx.xx.198 Hostname: - Destination port: 80 For security reasons, the destination IP is partially obscured.

DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.

Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.

 

©2005 - 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Privacy Policy (Updated July 24, 2015)

 

 

 

This email has been checked for viruses by Avast antivirus software. www.avast.com

Re: Warning! Your AT&T Uverse Site ID

[ Edited ]
5 of 6 (1,268 Views)
4
(1)
  • Rate this reply
View profile
Apr 3, 2016 10:30:09 AM
4
(1)
ACE - Expert
Edited by mibrnsurg on Apr 3, 2016 at 10:34:00 AM

@linxany1   I'd say it's legit, everything seems common sense to securing your computer properly.

 

Download malwarebytes and run it, very good at finding problems.  Should be using WPA2-PSK(AES) wi-fi security, only one that has not been hacked/cracked.

 

They point out it might have come from anything, besides the computer, connecting to your network. Smiley Wink

 

Edit:  Can see by IP address, Cicero, IL.

 

Chris
__________________________________________________________

Please NO SD stretch-o-vision or 480 SD HD Channels
Need Help? PM ATT Uverse Care (all service problems)
ATT Customer Care(billing and all other problems)
Your Results May Vary, In My Humble Opinion
I Call It Like I See It, Simply a U-verse user, nothing more

 

 

@linxany1   I'd say it's legit, everything seems common sense to securing your computer properly.

 

Download malwarebytes and run it, very good at finding problems.  Should be using WPA2-PSK(AES) wi-fi security, only one that has not been hacked/cracked.

 

They point out it might have come from anything, besides the computer, connecting to your network. Smiley Wink

 

Edit:  Can see by IP address, Cicero, IL.

 

Chris
__________________________________________________________

Please NO SD stretch-o-vision or 480 SD HD Channels
Need Help? PM ATT Uverse Care (all service problems)
ATT Customer Care(billing and all other problems)
Your Results May Vary, In My Humble Opinion
I Call It Like I See It, Simply a U-verse user, nothing more

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Warning! Your AT&T Uverse Site ID

[ Edited ]
6 of 6 (1,240 Views)
Share this post
Share this post