While browsing, I went to a webpage, and a malicious software alert came up with the Shaw letterhead. It warns me about malware/virus, and to perhaps check my DNS settings. Is this legit? I have antivirus and malware scanners on my computer.
This is a legit message. It's in place on Shaw's DNS servers to help combat the (now older) DNS Redirector infection. The IP address for this website is falling within the IPs that are being blocked.
Tracing route to mp3mixx.com [184.108.40.206]
First recommendation would be to run a virus scan to ensure your computer is not infected with the DNS Redirector infection. I will send an email regarding this thread to our Shaw Customer Protection Team who manages this website. See if they are able to help and/or if it's time to adjust/remove this filter (if traffic from the old DNS Redirector infection has died down).
What webpage? Shaw and McAfee on the screen you saw?
I went to my usual Mp3 downloading page. It's a paid website, and legal. mp3mixx.com
It is definitely not from Shaw.
Their site may have been hijacked, and using your IP address to determine you are from Shaw, so it shows you a Shaw logo.
Every link on the page is fake
But very weird traceroute to it...
Tracing route to mp3mixx.com [220.127.116.11]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  192.168.5.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     9 ms     9 ms    11 ms  sw1-gi2-9-48.no.cg.core.wifi.inet [18.104.22.168]
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
It almost looks like it is being traced to a ShawOpen location
It must be fake as it has Shaw's old logo on it.
This is the real page
Shaw: Virus Protection - Shaw.ca
Not sure what to say about it. From the time I spent on it, it does look like it is coming from Shaw, but I don't use Shaw's security or DNS servers, and my systems are all clean.
Traceroute doesn't show it coming from outside Shaw's network either, but the IP that resolves is listed as belonging to Hostinger http://www.hostinger.com/
shaw-phil, I can promise you my machine has the proper DNS servers, and is not infected...
But if this filter/redirection is interfering with legitimate web traffic, that would be a sign to remove it?
Ditto for me ^
For a long time I believed that Shaw didn't interfere with web traffic, or deliberately block it either.
I guess this confirms that they do too.
But the website works, and looks good when bouncing (proxy) through my overseas server, which I suppose I should have tried before.
Hi dajiao, any chance you could give us some more detail on what this alert looks like and what it says? A screenshot would be perfect so we can see exactly what it is. It could very well be McAfee's Site Adviser.
I have the shot in pdf version but can't attach it here. Here is the text, but with a Shaw letterhead at the top:
You are seeing this page because Shaw has detected your computer making requests to known malicious IP addresses. Your computer may be infected with malicious software (virus/malware) which could compromise your personal information; including bank details, personal and professional email, instant messages and more.
If you have any questions regarding this notification or the malware/virus please contact Shaw at 1-888-784-7383
The information provided on this page is for informational purposes only and Shaw does not provide any technical support to repair these issues.
*Check all computers at this location (PC and Apple)
**Not all external links may be available.
In no event shall Shaw, its partners, and/or associate companies and its or their licensors and/or suppliers be liable for any damages, expenses and/or losses, including, without limitation, loss of profits, loss of data, consequential, special, incidental or indirect damages of any kind arising out of an infection or virus affecting your computer(s) and/or network or the delivery, performance or the use of suggestions provided, even if Shaw has been advised of the possibility of such damages.
Unfortunately malware infections are something that you need to consider every time you connect your computer to the Internet. There is no guarantee that your computer will ever be 100% safe from infection, however there is a combination of steps that you can take to help protect against future malware infections.
Modern antivirus solutions do not impede system performance and are unnoticed by even the most demanding users. Antivirus software, while beneficial, is unfortunately not enough to protect your computer against all viruses. You should be familiar with all the software running on your computer(s) so you can quickly determine if an alert message is from your antivirus software or if it is a ploy to get you to install malware.
Antivirus software can only protect a computer against the threats it knows about, so keep your antivirus software up-to-date and renew it when your subscription expires.
Keep your computer(s) up-to-date with system patches provided by the operating system vendor.
If you have Microsoft Windows, configure Windows updates regularly to check and download any published patches by Microsoft. It is recommended that these be installed automatically; you may, however, elect to install the patches on demand if your environment necessitates this. If you have Apple OSX, configure your Software Update to regularly check for updates (weekly or more frequent). It is recommended that these patches are applied promptly.
Most web browsers will keep themselves up-to-date, or are included in the regular updates provided by your operating system. You will still need to take care when selecting plug-ins, add-ons, or extensions for your browsers. Toolbars should be avoided when possible and only plug-ins that you regularly use should be active.
You should be wary about being prompted to install any software by a web page. The best attitude regarding these prompts is to reject any instruction to install software that you have not directly sought. Do not trust links included on content web pages and locate the software manually.
Many applications read or manipulate content obtained from the Internet. These applications are regularly the target of an attack that permits arbitrary code to be run on a computer. Software provided by Adobe, Oracle (e.g. Java), Microsoft, Apple, Google and many others are continually refined and patched to prevent the use of these kinds of exploits. To protect a computer, you should endeavor to keep all applications as current as possible.
Email is one of the most attractive vehicles for spreading an infection. Infections can be included as attachments or provided through external links. The source of an email is easily spoofed (faked), meaning you can’t be absolutely sure the message came from someone you know, and links and attachments are easily altered to disguise the target.
Avoid opening attachments or clicking links in emails that you were not expecting. If unsure, contact the sender to confirm the validity of the message prior to opening.
Message was edited by: [shaw]colin - removed links and reduced size