Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 03, 2019, 07:14:01 PM

Title: Does avast detect AVTECH_IP_CAMERA_WORM?
Post by: polonus on March 03, 2019, 07:14:01 PM
Where it resided: at IP - ; nginx 1.14.0 (Ubuntu) ; Digital Ocean LLC  AS14061 Linux 3.1.-3.10 last seen 2019-01-31
See: https://www.shodan.io/host/
Remove semantic-ui from dependencies:
RE: https://snyk.io/test/npm/semantic-ui  and  https://snyk.io/test/npm/semantic-ui
Detected via: https://github.com/GreyNoise-Intelligence/api.greynoise.io/blob/master/README.md

From that same Santa Clara base: -https://beta.finret.com/ Did not follow redirect to -
44 hints to improve that website:
of which 15 security related: https://webhint.io/scanner/4a63b065-1a5b-4291-aa12-e3a08b3d7e71#Security
Vulnerable: Security Checks for -https://beta.finret.com
(4) Susceptible to man-in-the-middle attacks
HTTP Strict Transport Security (HSTS) not enforced
HSTS header does not contain max-age
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion

Vulnerabilities can be uncovered more easily

(2) Unnecessary open ports
App ports open
Administration ports open
Also consider: https://toolbar.netcraft.com/site_report?url=https://beta.finret.com  (1 red out of 10 Netcraft Risk rating).
Earlier known as:
Date resolved   Domain on IP
2019-03-01   dns102.monetizar2.com
2019-02-26   dns102.motoaxdb.com  no secure connection: NET::ERR_CERT_COMMON_NAME_INVALID

What kind of abuse is the IP involved in:
NETIS_ROUTER_ADMIN_SCANNER_HIGH   activity   Null   high   2019-02-02   2019-02-02
REALTEK_MINIIGD_UPNP_WORM_CVE_2014_8361   worm   malicious   high   2019-02-02   2019-02-02
SSH_WORM_HIGH   worm   malicious   high   2019-02-01   2019-02-03
SSH_SCANNER_HIGH   activity   Null   high   2019-02-01   2019-02-03
HUAWEI_HG532_UPNP_WORM_CVE_2017_17215   worm   malicious   high   2019-02-01   2019-02-01
AVTECH_IP_CAMERA_WORM   worm   malicious   high   2019-01-31   2019-01-31
WEB_CRAWLER   activity   Null   high   2019-01-31   2019-02-02
CGI_SCRIPT_SCANNER   scanner   malicious   low   2019-01-31   2019-01-31
WEB_SCANNER_HIGH   activity   Null   high   2019-01-31   2019-02-02
SSDP_UPNP_SCANNER_LOW   activity   Null   low   2019-01-31   2019-01-31
HTTP_ALT_SCANNER_LOW   activity   Null   low   2019-01-31   2019-01-31
ZMAP_CLIENT   tool   Null   high   2019-01-31   2019-02-04
Info credits go to GreyNoise Visualizer

Title: Re: Does avast detect AVTECH_IP_CAMERA_WORM?
Post by: Sirmer on March 03, 2019, 07:48:19 PM
Thanks for the information. The IP will be blocked and I will forward the info about GreyNoise to other people in the Lab.