Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on January 09, 2019, 12:28:21 AM

Title: Adware Graftor site not being blocked...
Post by: polonus on January 09, 2019, 12:28:21 AM
Many detections here on communicating files: https://www.virustotal.com/#/domain/zz.bdstatic.com
Read background info: https://blog.malwarebytes.com/detections/adware-graftor/
Where we stumbled upon it: https://urlquery.net/report/ae9c51be-4ca2-4156-b8c5-5b2f79823269
and detected adware: https://privacyscore.org/site/119231/
Consider: -https://zz.bdstatic.com/linksubmit/push.js - for the content, see: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=enouYiNzdHx0W14uXl1tYGxbbmtzdWJtW3RgcHVzaC5qcw%3D%3D~enc
Security vulnerabilities, 6 threats found: https://webscan.upguard.com/#/https://zz.bdstatic.com
Re: https://www.cvedetails.com/cve/CVE-2018-19540/ (through an excessive server info proliferation vulnerability)
and SPDY protocol 3 vuln: https://support.f5.com/csp/article/K14059
Re: https://webhint.io/scanner/0edc96fb-df5b-431b-8c5c-708ff32e9f5b

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Adware Graftor site not being blocked...
Post by: polonus on January 09, 2019, 01:49:48 PM
Part of this problem is existing server software mono-cultures in countries like Mainland China and Indonesia for instance.
The phishing platforms involved are more of a USA problem - as prizeforyouhere dot com was PHISHING.
Re: https://whois.domaintools.com/104.201.35.243

"Do not wear all your precious eggs in one and the same basket, as you tend to break them more easily".

But it is not only these two countries that may be affected by the Graftor Ad-PUP:

Example: https://www.superantispyware.com/malwarefiles/SOSOIM4.EXE.html

polonus