Topic: Avast Networkshield protects against Av tracker and blocks it!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33918
  • malware fighter
Avast Network shield detects avtracker as URL:Mal.
Avtrackers are a way for malversants to protect their malware (bots) against detection.
See: http://www.exposedbotnets.com/2012/05/anti-zs-spyeyes-tracker-htaccess.html
with a.o. Joebox and GFI sandbox and many others...
IDS Suricata/w Emerging Threats    Severity    Alert
2012-07-03 14:21:53    212.63.206.51    urlQuery Client    3    ET RBN Known Russian Business Network IP (166)
These are the actions of the av tracker, re: http://honeyblog.org/archives/37-AV-Tracker.html (link article author: Thorsten Holz)
Armed with up-to-date information about these automated scanning services,
malversants could instruct their creations to quit loading or destroy themselves
if they detect they are being downloaded by one of these services.
Avtracker was developed by an Austrian blackhat that turned against the av industry where he once was employed.

Avast networkshield detects and blocks: htxp://avtracker.info/  & htxp://avtracker.info/tracker.php?ip=216.245.222.15 & hxtp://avtracker.info/tracker.php?ip=72.64.146.112 and various others...
Not many detect this: https://www.virustotal.com/url/239d370f762866af32ecfe203bff8578854b9bf4f947c68d08d017ef375b5750/analysis/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
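
A defender-side check for the URLs named in this post, as an added example that is not part of the original thread: it scans proxy log lines for requests to avtracker.info and extracts the ip value sent to tracker.php. The log line format, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

TRACKER_HOST = "avtracker.info"  # domain named in the post

def refang(url):
    """Undo defanged schemes (htxp://, hxtp://, hxxp://) as written in reports."""
    return re.sub(r"^h(?:tx|xt|xx)p(s?)://", r"http\1://", url.strip(), flags=re.I)

def classify(url):
    """Return None for unrelated URLs, else a dict describing the tracker contact."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact host or a true subdomain only, so look-alike names do not match.
    if host != TRACKER_HOST and not host.endswith("." + TRACKER_HOST):
        return None
    hit = {"kind": "visit", "ip_param": None}
    if parts.path.lower() == "/tracker.php":
        hit["kind"] = "lookup"
        values = parse_qs(parts.query).get("ip", [])
        try:
            # Normalise and validate the address carried in the query string.
            hit["ip_param"] = str(ipaddress.ip_address(values[0]))
        except (IndexError, ValueError):
            hit["kind"] = "malformed-lookup"
    return hit

def scan(log_lines):
    """Yield (client_ip, hit) per matching line.
    Assumed format: '<timestamp> <client-ip> <method> <url>'."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        hit = classify(fields[3])
        if hit:
            yield fields[1], hit

# Constructed sample log lines (not real traffic); URLs reuse those quoted in the post.
SAMPLE = [
    "2014-12-11T01:59:27 10.0.0.5 GET htxp://avtracker.info/tracker.php?ip=216.245.222.15",
    "2014-12-11T02:00:01 10.0.0.7 GET http://example.org/index.html",
    "2014-12-11T02:01:13 10.0.0.9 GET hxtp://avtracker.info/tracker.php?ip=72.64.146.112",
    "2014-12-11T02:02:40 10.0.0.5 GET http://avtracker.info/",
]

if __name__ == "__main__":
    for client, hit in scan(SAMPLE):
        print(client, hit["kind"], hit["ip_param"])
```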

Offline polonus

Re: Avast Networkshield protects against Av tracker and blocks it!
« Reply #1 on: December 11, 2014, 01:59:27 AM »
Seems that the site has been removed here: http://mirror1.malwaredomains.com/files/removed-domains-20101128.txt
Web Rep info controversial: https://www.mywot.com/en/scorecard/avtracker.info?utm_source=addon&utm_content=popup
Bitdefender's TrafficLight extension and avast block site as malicious.
DrWeb flags it as OK:
Checking: htxp://avtracker.info
Engine version: 7.0.10.8210
Total virus-finding records: 5570887
File size: 23.63 KB
File MD5: dc03f8f0c2f5de9ff62f23a857ca40db

htxp://avtracker.info - Ok
https://www.virustotal.com/nl/url/239d370f762866af32ecfe203bff8578854b9bf4f947c68d08d017ef375b5750/analysis/1418259254/
Given as clean: https://www.metascan-online.com/en/ipscan/YXZ0cmFja2VyLmluZm8=
Suspicious: http://zulu.zscaler.com/submission/show/4f2c112cb6db83b671ada13e78135349-1418259420
Secure: http://sitecheck.sucuri.net/results/avtracker.info & http://quttera.com/detailed_report/avtracker.info
3 still to detect: https://www.virustotal.com/nl/url/239d370f762866af32ecfe203bff8578854b9bf4f947c68d08d017ef375b5750/analysis/1418259254/

polonus
« Last Edit: December 11, 2014, 02:07:17 AM by polonus »