Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on May 09, 2013, 09:16:22 PM

Title: Conflicting detections?
Post by: polonus on May 09, 2013, 09:16:22 PM
Found this bad host via Bothunter IP search: http://kb.bothunter.net/ipInfo/nowait.php?IP=69.43.161.167
At Palevo Tracker I get a conflicting report: https://palevotracker.abuse.ch/?ipaddress=69.43.161.167
Where the rating was changed here: http://www.fortiguard.com/ip_rep/index.php?data=69.43.161.167? to malicious
Going to this interesting info at VT: https://www.virustotal.com/en/ip-address/69.43.161.167/information/
(see the detection ratio for the various malware finds)
and various items far from sorted out -> http://support.clean-mx.de/clean-mx/viruses.php?ip=69.43.161.167&sort=firstseen%20DESC
See recent reports from same IP: http://urlquery.net/report.php?id=2395655
See IDS for MALWARE-CNC Sality logos.gif URL dest IP = 91.195.240.107 Unverified here: http://kb.bothunter.net/ipInfo/nowait.php?IP=91.195.240.107
and what went on really there: https://www.virustotal.com/en/ip-address/91.195.240.107/information/ because detected as an ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server (group 18) -> detected according to these rules in /anti-botnet.20130311_d.txt.htm

polonus