Avast community forum
From the Immortal list of malicious DNS domains...avast! detects!
polonus (Avast Überevangelist), on: May 09, 2013, 06:58:29 PM
Hi folks,
Just an example of such a domain:
https://spyeyetracker.abuse.ch/monitor.php?ipaddress=31.3.245.212
See:
http://sameid.net/ip/31.3.245.212/
More information can be found via a new service of VT:
https://www.virustotal.com/en/ip-address/31.3.245.212/information/
A specific example of a malicious DNS and SpyEye domain is this domain:
https://spyeyetracker.abuse.ch/monitor.php?host=bronetbro.com
Let us explore therefore: -bronetbro.com/bad.php
See the recent reports mentioned here:
http://urlquery.net/report.php?id=2394235
Also see this malware report for the AS:
http://support.clean-mx.de/clean-mx/viruses.php?as=AS35662&response=
Some of the malware from there is now dead and was earlier detected by avast!
https://www.virustotal.com/en/file/8f37a1e1b6dcd98275cdfab380611699fa7a794ce500c0f1f438cde17bce5e65/analysis/
Here avast! detection is just one of three that detect:
https://www.virustotal.com/en/file/a46d2ec51d7b2110802075408c2a78b95ebe30fea73fdea6ba60df3096a34508/analysis/
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus (Avast Überevangelist), Reply #1 on: May 09, 2013, 07:11:16 PM
Found suspicious here:
http://siteinspector.comodo.com/public/reports/13978679
On shell script attack code, see:
http://urlquery.net/report.php?id=2159175
We have a resource to explore here:
http://www.bothunter.net/live/2012-07-16/index.html
Example
192.168.1.40
1.1 VIEW 2
122.169.240.178 122.169.240.178 , , , .
1:22009200 {tcp} Inbound Attack: ET CURRENT_EVENTS Conficker.a Shellcode MAC_Dst: 00:30:48:30:03:AE; 445<-4753
Snorts Alerts triggered by data analyzed...
Latest from Bothunter 10 detections added:
http://www.bothunter.net/live/2013-05-09/index.html
polonus
« Last Edit: May 09, 2013, 07:37:18 PM by polonus »