[tor-relays] Fwd: US-CERT Avalanche Notification INC000010

Subject: [tor-relays] Fwd: US-CERT Avalanche Notification INC000010

From: Monkey Pet <monkeypet@xxxxxxxxx>

Date: Mon, 23 Jan 2017 17:57:42 -0800

Delivery-date: Mon, 23 Jan 2017 21:03:02 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=W00pqKW+6Y8+ZAN2Q0KytGa//xK6Ryn5Wf/bdBomRes=; b=EVCXIOwm97ZoVxP8Sbr3OVWIsBsJsrvdggY6yH3/009NthRr2QTAN1Mu/hqoShflIb dqMpO/NPLgJtj8z95cy3A5/o3q27mwkWPA9aX6nv87qBpt8U2Z2l1P+4q5oO3Kz0d93Z n2VGrkjA1822ZVYQ5EXSLMaqVQG/WViQZTPGB4u6zgzjrohEtNbW1/ssf+mC06BDVhwu RHa2TZOG+g2rJZZFzEXr9RgwcPmdg1LJl/aOdllhvvCHT0TK+AY6iK8RsIdPF3KHKpaA 0cAPHBqPj5z66Z3c1F3Ezozi7gy9qaWH+o2VmMYtNJggkNEVYZ58Y7M4ULBNtnmdMxUm ij/w==

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

I received the following email from my ISP, the IP belongs to the tor exit node. I am wondering if the DHS is sending it out to all tor exit nodes?

We received a notice from Homeland Security that a device using your current IP address is infected the Avalanche Malware. The full details are below. Please run antivirus and network security software on all your devices immediately.

Thank you,

ISP

A trusted third party notified the Department of Homeland Security United States National Cybersecurity & Communications Integration Center (NCCIC) that one or more machines on your network was infected with malware associated with the Avalanche botnet infrastructure during December 2016. Avalanche is a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes.
A system infected with Avalanche associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware has the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may allow criminals unauthorized remote access to the infected computer. Infected systems could be used to conduct distributed denial-of-service (DDoS) attacks. For additional information, please see the following US-CERT Technical Alert (TA16-336A): https://www.us-cert.gov/ncas/alerts/TA16-336A

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays