Author Topic: Again the avast! Webshield detects...  (Read 1662 times)


polonus
Again the avast! Webshield detects...
« on: September 29, 2014, 06:20:24 PM »
Also on DrWeb's "known infection source" list.
https://www.virustotal.com/nl/url/8c5590f7fa96774b439395caf2b992c2953c938180c0123884db0ccc0cc83910/analysis/1412006919/
http://sitecheck.sucuri.net/results/buu4k-filues.gotovo-okno.ru  (Outdated server software)
http://zulu.zscaler.com/submission/show/6b55efbeb275e189682736294c32f9c1-1412007009
http://killmalware.com/buu4k-filues.gotovo-okno.ru/
Normal web rep does not detect.
htxp://buu4k-filues.gotovo-okno.ru/get_access/
200 OK
Content-Length: 112809
Content-Type: text/html
malicious

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


polonus
Re: Again the avast! Webshield detects...
« Reply #2 on: September 29, 2014, 06:52:24 PM »
Hi Pondus,

Malware very much alive: http://support.clean-mx.com/clean-mx/viruses.php?ns2=ns3-com.nic.ru&sort=id%20DESC&response=alive
So we need detection for this, as it has been active for over 2829 hours, my friend.

From the safe virus viewer:

DEBUG output created by Wget 1.12 on linux-gnu.

--2014-09-29 18:42:05--  htxp://hqq1f-fiilues.c0qs.pp.ru/download/?q=DayZ%20Standalone&id=33953
Resolving hqq1f-fiilues.c0qs.pp dot ru... failed: Connection timed out.
wget: unable to resolve host address `hqq1f-fiilues.c0qs.pp dot ru'


From a private person -> http://whois.domaintools.com/c0qs.pp.ru
http://dnscheck.pingdom.com/?domain=C0QS.PP.RU&timestamp=1412009177&view=1  Delegation errors.
Main domain OK: http://dnscheck.pingdom.com/?domain=PP.RU&timestamp=1412009333&view=1
Hoster: http://www.adelinahost.com/ru/

pol
See: https://www.virustotal.com/nl/url/7c9a5c558466a59aac86d90df74804be3df395187198ce5a09e022bfab6b3e54/analysis/

