If you read down to the bottom of the article where it details how to find out if you have one it says "Have you jailbroken your device?" which is essentially the only way to get a virus on the iOS platform as it breaks out of the walled garden and takes down the safeguards of the OS.
The only other example of an actual known attack the article gives is xcodeghost, which was a compromised illegitimate version of xcode that injected malicious code into the application during compilation, and even then the malicious code still couldn't access anything outside the confines of the application the developer had unwittingly allowed it to inject into.
Sending Emails has stopped working again. Have ran malwarebytes again but has not found anything. I have attached log from Thunderbird and wonder if anyone can help once again. [114560:Main Thread]: I/SMTP SMTP Connecting to: smtp.virginmedia.com:465 [114560:Main Thread]: I/SMTP SMTP entering state: 0 [114560:Main Thread]: I/SMTP SMTP Response: 220 know-smtprelay-10-imp cmsmtp ESMTP server ready [114560:Main Thread]: I/SMTP SMTP entering state: 14 [114560:Main Thread]: I/SMTP SMTP Send: EHLO [127.0.0.1]
Spamhaus say it’s because it address has been detected spamming, they have cleared the block to my IP address but say it could be short lived unless I can find the problem. I have ran 3 different anti malware programs on both laptop and desktop and neither have found anything. I have also tried putting zip address into 2 different bot detection websites and they have come back as clear. Any suggestions what I can do to try and find the problem. Many thanks
Bear in mind that the outbput is given as follows.
Protocol Local IP address:Port Remote IP address:Port Connection state Process ID
We're actually looking for Port 25 to appear on the Remote IP address:Port combination i.e. the parts I've highlighted in red. I've actually got a program listening for connections on port 25 but only from the same computer. However lets connect to it to show you how netstat can be used.
I'll connect to the listening program. Now when I run netstat I get this:
Note that Windows uses IPv6 by default and ::1 is the IPv6 equivalent of 127.0.0.1 - the loopback IP address.
So we can see an outbound connection has been made to port 25 It's currently connected "ESTABLISHED" and is on PID 40688
So how do we find out what process that is?
There's a windows command tasklist to find a list of running commands. By piping it through find we can save hunting through the whole list
C:\Users\timdu>tasklist | find "40688"
telnet.exe 40688 Console 1 6,612 K
We see that in this case the program is telnet.exe
The above is not exactly a surprise to me as I used telnet to make the connection. But I hope this demonstrates the principle well enough.
Alternatively you could try blocking OUTBOUND connections to port 25 on all remote IP addresses in windows firewall.
Unless you're actually running a mail server you shouldn't need it, UNLESS you have an account with a backwards email service that ONLY uses port 25 (I'm looking at you as an example Plusnet), but there shouldn't be too many of those out there. Also if you are running a mail server you shouldn't be delivering mail directly to mail exchangers so you still don't need port 25 outbound.
As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.