Author Topic: Conflicting detections?  (Read 1892 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33568
  • malware fighter
Conflicting detections?
« on: May 09, 2013, 09:16:22 PM »
Found this bad host via Bothunter IP search: http://kb.bothunter.net/ipInfo/nowait.php?IP=69.43.161.167
At Palevo Tracker I get a conflicting report: https://palevotracker.abuse.ch/?ipaddress=69.43.161.167
Where the rating was changed here: http://www.fortiguard.com/ip_rep/index.php?data=69.43.161.167?   to malciious
Going to this interesting info at VT: https://www.virustotal.com/en/ip-address/69.43.161.167/information/
(see the detection ratio for the various malware finds)
and various items far from sorted out -> http://support.clean-mx.de/clean-mx/viruses.php?ip=69.43.161.167&sort=firstseen%20DESC
See recent reports from same IP: http://urlquery.net/report.php?id=2395655
See IDS for MALWARE-CNC Sality logos.gif URL dest IP = 91.195.240.107  Unverified here: http://kb.bothunter.net/ipInfo/nowait.php?IP=91.195.240.107
and what went on really there: https://www.virustotal.com/en/ip-address/91.195.240.107/information/ because dected as a ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server (group 18) -> detected according to these rules in /anti-botnet.20130311_d.txt.htm

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!