can spam/viruses target an ip address?

[1dannyd]

Friend of mine had some serious spyware, virus infections. I wiped the hardrive, installed fresh and new everything, brought it back down, she plugs it in to Versizon dsl and a day later she's back at poopsville. So she gave it back to me and a friend let her use a laptop. boom - she turned it on and all these virus notifcation are banging her hard.
Now ANOTHER friend just lent her a THIRD pc, she plugs it in to the verizon dsl, boot and doesn't even go to the internet and bang bang bang all these things are flooding in.
SO, here's the question, can viruses and or spam and popups "target" an ip address? I've told her to call verizon and have them release/renew for her number. But, it's odd nonetheless and i'm wondering.....

 

[cyberspace]

Is it a static IP for that number? Release/Renew only works if they use DHCP.

If it's not static, then disconnecting and reconencting will get a new address.

Can't you use more aggressive measures to stop the spyware and virii getting in in the first place? Sounds like there is very little protection....

Make sure you have up to date virus checker, good anti spyware software (I reccommend MS or Spybot) and use a hosts file to actually block the source of the nasties in the first place.

In response to your question regarding targeting, i don't know for certain, but i dare say it's possible. However, more likely a range of IP's than just the specific IP you have had trouble with - there would be nothing to gain from this really.

 

[KiscoKid]

I've never heard of a virus worm that targets specific IP addresses. I've heard of them sending info back to some IP address of an IRC server from an infected machine but that's about it.

Don't forget DSL is 'always-on' so as soon as she connects to the phone line and logs in to the provider, she is susceptible to reinfection. It sounds like to me either the provider has got an infection and is infecting its customers (I work for an ISP and believe me it happens - a LOT!) and/or other DSL customers from the same provider are infecting your friend's machine.

Either way do what the previous poster suggested and upgrade your virus checker BEFORE you go online. It would be helpful if you can try and verify which worm it is that keeps infecting the machine. Once you know the worm, you can check your particular anti-virus suppliers website and verify they have an update that can get rid of it.

That said, if you do know what worm it is and its general behaviour, i.e. what port(s) it likes to attack on, you could put some form of access control on your DSL router (if it supports firewalling) to stop anything on these ports speaking to your friend's LAN. If it hasn't got a firewall, WIndows can do some basic firewalling and should be able to block the port(s) there.

KK
CCDP CCNP CCIE(Written)

 

[1dannyd]

well that's the wierd thing. After the first time, and she had Mcaffee completely out of date, I redid her pc and put in AVG and free a-v out of Germany. Spybot SnD 1.4, A-Squared and the Microsoft one too. Kerio personal Firewall, and google toolbar popupblocker. Everything checked out from my dsl connection, everything brand psanky new and up to date and then WHAM.
So I took it away and loaned her my completely up to date and well protected pc, never a problem for me. She plugs in and WHAM.
Now I have her original one, completely formatted, XP pro, all updated, and well protected and I'm hesitant. But, here goes. I'll keep you all posted. A targeted dhcp block sounds more like it then a single dhcp ip but...
Thanks all for the thoughts.