AT&T Uverse Malware Infection Advisory - Citadel
AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection was observed on Jun 30, 2014 at 11:42 PM EDT from the IP address (my IP - removed for privacy). Our records indicate that this IP address was assigned to you at this time. Infection details:
Source port: 51810
Destination IP: 198.xx.xx.98
Destination port: 80
For security reasons, the destination IP is partially obscured.
Infected devices are often used as participants in zombie computer networks (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are typically used for attacks on websites, spamming, fraud, and distribution of additional malware.
Oddly enough, I have been away from home for the past week and none of my computers were left on. I do have a fairly well-connected home with several Foscams, a DLink DNS-325, DirecTV boxes and a SlingBox on my network, but are any of those candidates for malware? I checked the log on the DNS-325 and did not see anything unusual. I do have WiFi but it is secured with WPA. Any tips on how to further investigate the source?
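One way to narrow down which LAN device made the flagged connection is to match the advisory's fields against a router or firewall outbound connection log. This is an added example, not part of the original post or of AT&T's notice; the log layout, the LAN addresses, the five-minute window and the names `candidates` and `mask_to_regex` are assumptions, and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Indicators copied from the advisory above (EDT is UTC-4).
ADVISORY = {
    "when": datetime(2014, 6, 30, 23, 42, tzinfo=timezone(timedelta(hours=-4))),
    "src_port": 51810,
    "dst_mask": "198.xx.xx.98",
    "dst_port": 80,
}

# Constructed sample log; the "UTC-time lan_ip:port -> dst_ip:port" layout is an assumption.
SAMPLE_LOG = """\
2014-07-01T03:40:12Z 192.168.1.23:40022 -> 198.51.100.98:443
2014-07-01T03:41:58Z 192.168.1.31:51810 -> 198.51.100.98:80
2014-07-01T03:42:30Z 192.168.1.40:33411 -> 198.18.7.98:80
2014-07-01T03:43:05Z 192.168.1.31:51822 -> 203.0.113.98:80
2014-07-01T09:15:00Z 192.168.1.23:51810 -> 198.51.100.98:80
"""

LINE = re.compile(r"(\S+) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")

def mask_to_regex(mask):
    # "xx" stands for an octet the ISP hid; every other octet must match exactly.
    parts = [r"\d{1,3}" if p.lower() == "xx" else re.escape(p) for p in mask.split(".")]
    return re.compile(r"\.".join(parts))

def candidates(log_text, adv, window=timedelta(minutes=5)):
    """Return (lan_ip, dst_ip, source_port_matches) tuples, exact port matches first."""
    dst_re = mask_to_regex(adv["dst_mask"])
    hits = []
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        lan_ip, sport, dst, dport = m.group(2), int(m.group(3)), m.group(4), int(m.group(5))
        if abs(ts - adv["when"]) > window or dport != adv["dst_port"]:
            continue
        if not dst_re.fullmatch(dst):
            continue
        # NAT can rewrite the source port, so a mismatch lowers confidence but is kept.
        hits.append((lan_ip, dst, sport == adv["src_port"]))
    return sorted(hits, key=lambda h: not h[2])

if __name__ == "__main__":
    for lan_ip, dst, exact in candidates(SAMPLE_LOG, ADVISORY):
        print(lan_ip, dst, "source port matches" if exact else "port differs (possible NAT rewrite)")
```

The source port in the notice is the one seen on the public side of the gateway, so an entry that matches on time, destination mask and destination port but not on source port is still worth checking.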