ISP Worm

[Malaris 0]

Is it possible for an ISP's sever to be infected with a worm? Or worse still the ISP to deliberately send a worm/virus?

 

For the purpose of this post I will name my ISP 'AAA'

.

Quite a while ago when I hardly used the internet I signed up for a 'pay-as-you-go' internet service, as soon as I set this up my PC was infected with a variation of the W32.Blaster.Worm.

 

My PAYG internet was a set charge per minute but had an extra cost everytime you connected-as this worm causes one to continually loose a connection to the internet I seriously wondered if 'AAA' might be sending this worm deliberately everytime I installed the relevant software and set-up my internet account with them.

 

This worm will cause absolutely no trouble to anyone who knows how to combat it but to the people with limited knowledge in this field it could have been a way for 'AAA' to screw people out of money for reconnection charges or for an 'AAA' technician to be called out.

 

I soon used FixBlast on the bugger and that was that.

 

However when I upgraded to broadband from the same ISP guess what happened? Yep, you guessed it the worm came back. Yet again I used FixBlast however, as broadband is a monthly service and requires no connection charge, I now doubted if this worm was deliberate-does this mean that my ISP 'AAA' could have a worm in their master server and not know about it?

Is this possible or was my first theory correct?

 

For anyone who is having trouble with this worm (even though it is an old worm now) the relevant program to remove it can be found here; http://securityresponse.symantec.com/avcenter/FixBlast.exe

 

[Malaris 0]

I also forgot to mention that during the installation process, it asked me to remove my firewall and turn off all Anti-Virus software until I was told to reactivate them and the instalation was complete.

 

I am well aware that this is more than likely so they can infect me with spyware (yes I actually read EULA's!) however could it also be so they can send a worm-I am very suspicious about this....

[Malaris 0]

Recommend any programs I could substitue for IE?

 

Where can I get them?

 

(I don't seem to have any problems with IE but everyone else seems to hate it)

[adamvjackson 0]

Possible, but highly unlikely, as certinaly others would have observed similar unethical behavior. Blaster is a very agressive worm, and can infect an unprotected host very, very quickly, which I believe is what happened. The best, most accurate way to determine the source would be to install a packet capture library and dump the packets.

[adamvjackson 0]

I could have sworn that I looked at Port Reporter a few years ago, but maybe not.

 

Specifically, I was referring to WinPcap and Ethereal or Packetyzer.