
Rogers Internet Security Message??

  • Last Updated:
  • Sep 15th, 2020 3:33 pm
[OP]
Deal Addict
Dec 11, 2006
4144 posts
1427 upvotes
Ajax


Did some recent internal changes to the set up at home, specifically putting the Rogers CODA modem into bridge mode and using an Asus RT-86U as the main wireless router for the home. Running LAN ports to various places in the house and added two more Asus products to create an AiMesh set-up. Did this on Sunday.

Today I get this email from Rogers stating this:
Dear Valued Customer,

There's a problem with an internet-connected device in your home that's interfering with the Rogers network in your area. This may be a computer, phone, tablet, sensors or any other device connected to your Wi-Fi. Unfortunately, we're unable to help you identify the problem device.

The problem device in your home is infected with a virus. You need to remove the infection to strengthen the security of your information and ensure that only authorized users have access to your network.

Because the problem is with your device and not the Rogers network, Rogers can't offer you additional support in this matter. We need you to take the necessary steps to resolve this issue.

We recommend you:
1. Run an anti-virus program to remove any infections.
2. Speak to a third-party computer repair technician.
3. Click here <https://about.rogers.com/responsibility/cyber-security/> to see some of the best practices you can follow to keep your devices safe and up-to-date.

Under the Rogers Terms of Service and Acceptable Use Policy, you are responsible for the security of any device you connect to the service.

If you fail to correct this issue, your service may be suspended and/or terminated as per the Rogers Terms of Service and Acceptable Use Policy.

At the bottom of the email it listed this:

IP 174.114.25.2 .
data: IP: 174.114.25.2
TIMESTAMP: 2020-06-22 23:39
EVENTTYPE: BLACKLIST_HTTP
IP: 174.114.25.2
METHOD: POST
HOST: differentia.ru
URL: http://differentia.ru/diff.php
RESOURCE: /diff.php


So I went into Chat with Rogers tech and they were pretty useless. Could not confirm the bottom portion meant anything. When I looked up differentia.ru it comes up as possible malware pop-ups etc. I said to the tech, so I am getting Rogers warning emails for pop-ups? That violates terms of use? Couldn't answer.

Anyhow checked all devices, firewall is engaged on the router, all devices have Norton. Have run full scans and nothing has shown up. I have no pop ups or anything acting strange. I even ran a 3rd party check on the router itself and it came back clean.

Anyone with any idea? Or why Rogers is sending this?
69 replies
Deal Expert
Mar 25, 2003
15074 posts
3847 upvotes
Markham
Last edited by Keigotw on Jun 25th, 2020 3:11 pm, edited 1 time in total.
96TB Mediasonic H82-SU3S2 / 72TB Raid 50 on Mediasonic H8R2-SU3S2
48TB Node 304 / i5-3570 / Server 2016 Essentials
12TB HP Mediasmart EX 495 (E8400, 3.0GHZ, 4GB Mushkin), with Server 2016 Essentials
16TB Qnap TS-459 Pro
Jr. Member
Apr 30, 2014
188 posts
64 upvotes
mrtvgame wrote: Did some recent internal changes to the set up at home, specifically putting Rogers CODA modem into bridge mode and using an Asus RT-86U as the main wireless router for the home. Running LAN ports to various places in the house and added two more Asus products to create an imesh set-up. Did this on Sunday.
What do you get if you click on the url?

When I click on it, it goes to a sink hole. If yours does not, then maybe you have some work to do.

You can start reading...

https://www.virusresearch.org/remove-di ... -ru-virus/
How did I get infected with?
Differentia.ru only begins to appear after the adware, which is lurking behind it, has managed to slither into your system. And, for that to happen, the pesky program has to inquire whether you agree to install it or not, and you have to answer affirmatively. If you don't, the adware cannot enter your system, cannot settle, and cannot begin to force the Differentia.ru page on you. Logically, it's safe to assume that the tool did ask, and you did comply with its installation, because if you hadn't, you wouldn't be in your current predicament. But how? How did you consent to the install of a malicious program, and not even realize it? Well, it's pretty straightforward. At the time of the inquiry, you had no idea what you agreed to. You were duped. Adware doesn't just openly show up and ask for your approval. Oh, no. It turns to deception and finesse, and employs every known trick in the book, so as to follow the rule and ask for permission, but still do it sneakily enough that you do not notice it. It may sound complex, but it's rather simple. The tool's usual antics include hiding behind freeware or spam email attachments, corrupted links or sites. It can even pretend to be a fake update, like Adobe Flash Player or Java. And, if you're not careful enough to catch it in the act as it's attempting to invade your system, then its invasion is successful. Remember that infections prey on carelessness. So, don't provide it! Instead of giving in to gullibility, haste, and distraction, be more thorough and vigilant! Never skip reading the terms and conditions, and always do your due diligence. More often than not, even a little extra attention can save you a ton of troubles and headaches.

****edit****
After reading more about those similar letters from Rogers, I would not be surprised if Rogers effed up and that you are indeed fine.
Member
Nov 18, 2007
228 posts
325 upvotes
Markham
I know the Rogers modem for some reason doesn't collect logs, or they just don't allow the subscriber to access them, so it's a good thing you set it to bridge mode and installed your own. With that said, maybe check your routers network/connection logs. See if there is a device on your network trying to access that url or ip.
[OP]
Deal Addict
Dec 11, 2006
4144 posts
1427 upvotes
Ajax
puttar wrote: I know the Rogers modem for some reason doesn't collect logs, or they just don't allow the subscriber to access them, so it's a good thing you set it to bridge mode and installed your own. With that said, maybe check your routers network/connection logs. See if there is a device on your network trying to access that url or ip.
I am looking at the logs but I'm not exactly sure what I should be looking at.
I have run software on all devices and they have come back saying everything is good. Strange.

Also, should UPnP be disabled? That was the only thing that was suggested when I ran the router security assessment.
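What puttar is suggesting, and what the OP is asking how to do, is to find the LAN client behind the one public IP that Rogers saw. The router is the only place that still has that mapping. The script below is an added example (not code from the thread or from Asus): it takes router syslog text and reports which internal client resolved the flagged domain, which addresses the domain resolved to, and which client then opened a connection to those addresses. The dnsmasq `query[A] ... from <client>` / `reply ... is <ip>` lines and the iptables-style `SRC=... DST=... DPT=...` lines are assumptions about what the router logs when DNS query logging and firewall logging are enabled; the sample log and the 198.51.100.7 address are constructed for the example and are not the real address behind differentia.ru.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog excerpt (not from the thread). The dnsmasq and
# iptables LOG line formats are assumptions about the router's logging.
SAMPLE_LOG = """\
Jun 22 23:38:57 dnsmasq[1021]: query[A] www.rogers.com from 192.168.50.10
Jun 22 23:38:59 dnsmasq[1021]: query[A] differentia.ru from 192.168.50.23
Jun 22 23:38:59 dnsmasq[1021]: reply differentia.ru is 198.51.100.7
Jun 22 23:39:01 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.50.23 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=80
Jun 22 23:39:02 dnsmasq[1021]: query[A] update.asus.com from 192.168.50.1
Jun 23 00:12:40 dnsmasq[1021]: query[A] differentia.ru from 192.168.50.23
"""

DNS_QUERY = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)
DNS_REPLY = re.compile(r"dnsmasq\[\d+\]: reply (?P<name>\S+) is (?P<answer>\S+)$")
FW_LOG = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dport>\d+)")


def matches_domain(name, domain):
    """True for the domain itself or any subdomain, never for look-alikes."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def find_suspects(log_text, domain):
    """Correlate DNS lookups of `domain` with the firewall connections that follow.

    Returns the LAN clients that asked for the domain (with a lookup count),
    the addresses the domain resolved to, and every logged connection from a
    LAN client to one of those addresses as (src, dst, dport).
    """
    dns_clients = Counter()
    resolved_ips = set()
    connections = []

    # First pass: who asked for the domain, and what did it resolve to?
    for line in log_text.splitlines():
        q = DNS_QUERY.search(line)
        if q and matches_domain(q.group("name"), domain):
            dns_clients[q.group("client")] += 1
            continue
        r = DNS_REPLY.search(line)
        if r and matches_domain(r.group("name"), domain) and is_ip(r.group("answer")):
            resolved_ips.add(r.group("answer"))

    # Second pass: which client actually connected to those addresses?
    for line in log_text.splitlines():
        fw = FW_LOG.search(line)
        if fw and fw.group("dst") in resolved_ips:
            connections.append((fw.group("src"), fw.group("dst"), int(fw.group("dport"))))

    return {
        "dns_clients": dict(dns_clients),
        "resolved_ips": resolved_ips,
        "connections": connections,
    }


if __name__ == "__main__":
    result = find_suspects(SAMPLE_LOG, "differentia.ru")
    for client, count in result["dns_clients"].items():
        print(f"{client} looked up the domain {count} time(s)")
    for src, dst, dport in result["connections"]:
        print(f"{src} connected to {dst}:{dport}")
```

On a stock Asus router the DNS side only exists if dnsmasq query logging is on (on Merlin firmware that is a `log-queries` line in the dnsmasq config), and the firewall side only if logging of accepted or dropped packets is enabled; without either, the log will show nothing, which is not the same as the network being clean. The DNS client address is the one worth having: it is the device to scan, and the DHCP lease table turns it into a hostname and MAC.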
Deal Expert
Aug 22, 2011
33646 posts
19453 upvotes
Ottawa
mrtvgame wrote: ? Printer
Wireless printer that's connected to your router may be vulnerable and the cause of the security concern?
[OP]
Deal Addict
Dec 11, 2006
4144 posts
1427 upvotes
Ajax
TeateaM wrote: What do you get if you click on the url?

When I click on it, it goes to a sink hole. If yours does not, then maybe you have some work to do.

You can start reading...

https://www.virusresearch.org/remove-di ... -ru-virus/
****edit****
After reading more about those similar letters from Rogers, I would not be surprised if Rogers effed up and that you are indeed fine.
The thing is I have had no pages or anything that resembles that. lol The "tech" couldn't tell me what it was. Rogers is full of shit.
[OP]
Deal Addict
Dec 11, 2006
4144 posts
1427 upvotes
Ajax
vkizzle wrote: Wireless printer that's connected to your router may be vulnerable and the cause of the security concern?
No, no wireless printers connected.
Deal Expert
Mar 25, 2003
15074 posts
3847 upvotes
Markham
Do you remember if this is the IP you had before ( 174.114.25.2 )
or new ip after you changed the setup?
from changing the set up to getting email from Rogers, how long was that?
Sr. Member
Jun 21, 2011
802 posts
90 upvotes
YYZ
Just block the IP of that website using your router firewall.
Sr. Member
Apr 29, 2018
672 posts
381 upvotes
Most likely an infected Windows PC. Or are you by chance running a web server or something? I don't think a printer/router type device would be able to do this

That domain is sinkholed (i.e held by a security firm), so Rogers was probably notified by them that a device from 174.114.25.2 is trying to connect to that server.
[OP]
Deal Addict
Dec 11, 2006
4144 posts
1427 upvotes
Ajax
Keigotw wrote: Do you remember if this is the IP you had before ( 174.114.25.2 )
or new ip after you changed the setup?
from changing the set up to getting email from Rogers, how long was that?
I changed the set up the afternoon of the 21st and according to their email the event occurred on the 23rd at 11:39 p.m.
Not sure what the IP was before, but that IP they quoted is their own IP in Ottawa?
