WiFi and Home Networks
WiFi and Home Networks
Bots can operate on nearly any internet-capable device!
- These devices can include (but are not limited to): laptops, tablets and pads, mobile phones, servers, desktop computers, code embedded in games, “Internet of Things” products like light bulbs and appliances, Fire TV sticks and even WiFi routers themselves.
- As of Q2 2020, our systems are detecting many bot connections coming from mobile devices, particularly those using Android OS with 3rd party apps installed.
When any of those bots emit spam, the connection may be detected by Spamhaus, and the originating IP listed by Spamhaus systems. Due to the fact there is such a variety of bots that operate in different ways, we are not able to give specific advice. Here some general ideas about identifying, securing or de-weaponizing an affected device.
- For Microsoft Windows operating systems any or all of the following free tools may help: Windows Defender, Malwarebytes, Norton Power Eraser, CCleaner, or McAfee Stinger.
- For all operating systems: Check tool-bars, extensions and plug-ins on each browser for anything you don’t recognize. Look for “free” VPNs and other heavily-monetized apps. We advise disabling these as part of the process of elimination outlined below.
- Calling your ISP, IT department, or taking your suspect machine(s) to a competent tech support service might also be useful.
WiFi networks and apps can often be diagnosed by a process of elimination.
- Remove all devices from the wifi system.
- Wait a few days to see if it relists in our data.
- Reconnect the devices, one by one, waiting a few days to see if a listing occurs, before adding the next one.
- When the IP relists, it is likely the newest device.
- When the problem has been located and fixed, please open a ticket for removal of the IP.
- You can also use the lookup tool to monitor your IP’s status if you are concerned about another device or a re-listing.
NOTE: While each device is connected, open and use all the apps on it, since sometimes it is the use of the app which triggers the bot.
- Be particularly careful of recently installed or 3rd party apps. We have also found that malicious code is sometimes detected even in long-installed apps that have been recently updated.
- Removing or disabling apps, then slowly adding them back one by one, with several days in between, may work to identify the vulnerable software.
- We are VERY interested in the specific app, version, and even the installed code of such apps, if you are able to provide that to us. Such information helps us help others.
- Do you supply a guest network or free wifi? If so, those often have a lesser security profile and should be reviewed.
- Please close port 25 on your router or firewall, and also for your guest network if you have one.
If none of this works, professional help may be required. Please call your provider for information.Back