Let me preface this by confessing that I was recently the victim of a major malware attack on my system. A really nasty Trojan got by my defenses and wreaked
havoc on my system. If it were not for and a program called ComboFix, I would have had to reformat the system which I really didn't want to do. To make a
long story short, it is not an experience you want to be plagued with. It took just over 48 hours to recover and over a hundred system scans during that time
period. Hey, this was something new to me and I learned each time I had to reboot.
So, now that I have additional protection at work, I'm finding some things that are rather disturbing; the detection of malicious IPs when clicking links to
third party sites. Yes, that's right, my new protection seems to be a bit more robust than what I previously had. I have a feeling that I've been infected for
longer than I suspect. And for those thinking that I may still be infected, think again. I'm now running full system scans on a regular basis and of course
have all additional real time stuff at play. I wasn't so vigilant previously. All it takes is for me to get bit once and I'm making changes.
Back to the topic. In the past few days, I've visited websites and clicked on one of their external links which was blocked due to being a malicious IP.
Those links are no longer available to me for safety purposes so I don't have to worry about clicking them again. But I got to thinking, how much of this is
going on with your external links? Have you checked ALL of your outbounds to ensure that they are malicious IP free? Are you 100% certain? Could it be
possible that many folks complaining of major losses in traffic are victims of their own outbound links?
The sites I visited and clicked on external links are well known industry news sites. I have this sneaky suspicion that many folks are unprotected against
stuff like this and they don't see the malicious IP warnings. I'm going to be paying very close attention to this moving forward. I went to Mom's house after
recovering my system. She too was infected with 9 Trojans that her existing security software did not detect. Why? Because two of the Trojans were security
disablers. She was wondering why her Internet Security kept going off and would turn it back on. Only to find it go off again shortly thereafter. Scary stuff
folks. She now has the same protection I do. :)
P.S. I was hit with a RootKit Trojan. That one initiated other RootKits which in turn wreaked total havoc on my system. It disabled all of the protection I
had in place which was a bit more than average, or at least I thought it was. Be careful out there.
[edited by: tedster at 2:01 pm (utc) on Oct 23, 2012]