Topic: What general abuse is out here?

polonus (Avast Überevangelist), October 08, 2013, 06:18:47 PM
See:
https://www.virustotal.com/nl/url/8d090075ed6e1e1e9696786a19a93fa8237153c8c225860aaa9faf5f137bdf99/analysis/1381242396/
and
http://quttera.com/detailed_report/blog.daum.net
http://urlquery.net/report.php?id=6455488
versus
http://urlquery.net/report.php?id=2709869
the latter scan with IDS alerts for FILE-FLASH Action InitArray stack overflow attempt
1:24889 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) ->
http://www.snort.org/search/sid/24889
for a vulnerability that allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. (FP-prone Flash rule, coming up sometimes "in drones", as a genuine attack Redkit EXPLOIT-KIT may be involved to create such an IDS alert.)
On Sourcefire the format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products like Defense Centre 4.10 and 4.9.
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
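
The rule-listing line quoted in the post above, parsed into its fields so a listing can be triaged by policy state; this is an added example, not part of the original posts. Only the first sample line comes from the thread; the other sample lines, the DISABLED state value and all function names are assumptions made for illustration.

```python
import re

# Layout of the line quoted in the post:
#   GID:SID <-> policy state <-> rule message (rule group file) [->]
RULE_LINE = re.compile(
    r"^\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>[A-Z_]+)\s*<->\s*"
    r"(?P<message>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*(?:->.*)?$"
)

def parse_rule_line(line):
    """Return the fields of one listing line, or None if it is not a rule entry."""
    m = RULE_LINE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["gid"], entry["sid"] = int(entry["gid"]), int(entry["sid"])
    return entry

def parse_listing(text):
    """Split a listing into parsed entries and the lines that did not parse."""
    entries, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_rule_line(line)
        (entries if entry else rejected).append(entry or line)
    return entries, rejected

def sids_by_state(entries):
    """Group (gid, sid) pairs by policy state to see which rules can alert."""
    grouped = {}
    for e in entries:
        grouped.setdefault(e["state"], []).append((e["gid"], e["sid"]))
    return grouped

# First line is quoted in the post; the remaining lines are constructed.
SAMPLE = """\
1:24889 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) ->
1:1000001 <-> DISABLED <-> CONSTRUCTED rule (with parentheses) in message (example.rules)
this line is not a rule entry
3:1000002 <-> ENABLED <-> CONSTRUCTED second rule (example.rules)
"""

if __name__ == "__main__":
    entries, rejected = parse_listing(SAMPLE)
    for e in entries:
        print(e["gid"], e["sid"], e["state"], e["group"], e["message"], sep=" | ")
    print("by state:", sids_by_state(entries))
    print("unparsed:", rejected)
```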
Secondmineboy (Avast Evangelist), Reply #1, October 08, 2013, 06:29:09 PM
AVG:
http://www.avgthreatlabs.com/website-safety-reports/domain/daum.net/
Malware on Subdomain
Comodo: http://app.webinspector.com/public/reports/17676472 (Clean)
Zulu: http://zulu.zscaler.com/submission/show/51bcdf93cc0f460d49990172699f5705-1381249530
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10