Topic: Malware apparently reported as dead, still given as detected..

polonus
Given as suspicious here: http://zulu.zscaler.com/submission/show/dd5a3b14779f4e40a7d4fcaf9b483e08-1340999431
Link scan resulted in: http://vscan.urlvoid.com/analysis/a989d60a103f9b8de364391faca0c7c2/YjY4NjM=/
Malware, after being alive for 2.4 hrs, was found to be dead at 2012-06-28 18:36:39
See analysis: http://anubis.iseclab.org/?action=result&task_id=13533fc4d2c303a04fd2d0795e6e4b248
Avast Networkshield blocks site as URL:Mal,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

Re: Malware apparently reported as dead, still given as detected..
« Reply #1 on: June 29, 2012, 10:28:03 PM »

Good Evening Polonus!

Dead? Here is what is downloaded.......

https://www.virustotal.com/file/51408d63175902d54ae1d0152db1669cb01c6a4f7354b167bd703098012fec58/analysis/1341001461/

Rightly so, that it blocks.

polonus
Re: Malware apparently reported as dead, still given as detected..
« Reply #2 on: June 29, 2012, 10:44:51 PM »
Hi Dim@rik,

Thanks for confirming the malware there is still "alive and kicking",
DrWeb detects this as BackDoor.Maxplus.91

So it is very much alive and VirusWatch has wrongly reported the malware to be dead.
Another reason to check and counter-check resources continuously....
There is more on that Ukrainian IP: http://urlquery.net/report.php?id=75489

ET TROJAN Potential Blackhole Exploit Pack Binary Load Request
urlQuery Client   ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - readme.ex-

Good avast Networkshield has all of us protected here,

polonus