Author Topic: Andromeda here not blocked?  (Read 1152 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 34051
  • malware fighter
Andromeda here not blocked?
« on: January 31, 2014, 05:55:20 PM »
See: tyxb1tch35 dot su/uplink/   124.248.205.135   Andromeda
Two detect: https://www.virustotal.com/nl/url/ab05df16973bbd7cdd5d360fdaa740242a7ca381eff2d2789764809f65cadb7c/analysis/1391185632/
http://urlquery.net/report.php?id=9147737 & http://maldb.com/styxb1tch35.su/uplink/
styxb1tch35.su,124.248.205.135,ns1.cloudns.net,Criminals, (this only denotes malcode is active, nothing more, nothing less)
Missed completely and utterly here: http://zulu.zscaler.com/submission/show/894fe13040707e2ea68e7675c8e98b74-1391185822
Site is rather new, is that why? Re: http://www.scamvoid.com/check/styxb1tch35.su
Nice read on Andromeda from author Waahoo here: http://cyb3rsleuth.blogspot.nl/2012/02/andromeda-bot.html
and http://blogs.mcafee.com/mcafee-labs/andromeda-botnet-hides-behind-autoit  - link article author = Umesh Wanve
We can establish here that a lot of common website scanners miss these cybercrime botnet sites (Zeustracker as an exception),
see: http://app.webinspector.com/public/reports/19817734

polonus
« Last Edit: January 31, 2014, 06:04:00 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!