Does Avast in pup-mode detect this riskware? Ask toolbar bundling!
polonus (Avast Überevangelist) « on: August 31, 2015, 10:27:50 AM »
See: https://www.virustotal.com/nl/url/7a20fb1417d32a0645bda7b8ad8cd4302bdea737ab3518dd622fe6db0b2af531/analysis/1441009185/
and https://www.virustotal.com/nl/file/688c99052bda02359715895ce452b04f8cadb5abdf4d32d086f79a5f4a189f9c/analysis/1441005154/
Site server vulnerable: http://www.cvedetails.com/vulnerability-list/vendor_id-10048/product_id-17956/version_id-178329/year-2014/Nginx-Nginx-1.6.0.html
& exploitable: https://vuxml.freebsd.org/freebsd/ad747a01-1fee-11e4-8ff1-f0def16c5c1b.html
See: https://urlquery.net/report.php?id=1441005080991
polonus
P.S. The download is facilitated even via an older nginx version:
Netblock owner: Netrouting Telecom Sweden; IP address: 94.185.85.210; OS: Linux; Web server: nginx/1.4.5; Last seen: 16-May-2015
The nginx 1.6.0. OpenSSH 5.3 (protocol 2.0) status code 405 is run by INCERO in Wichita. *
Catalyst-Host and not exactly issue free IP: https://www.virustotal.com/nl/ip-address/162.250.235.54/information/
propagators of the bundled Ask toolbar (PUP/riskware)
More servers from Kansas used to facilitate these downloads all with similar configurations:
2015-08-31 09:11:20 0 - 0 - 1 -download.sopcast.com/download/SopCast.zip United States 162.250.235.54
2015-08-29 16:31:02 0 - 0 - 1 -download.sopcast.com/download/SopCast.zip United States 178.18.19.214
2015-08-28 21:57:48 0 - 0 - 1 -download.sopcast.com/download/SopCast.zip United States 162.250.235.54
2015-08-28 20:23:41 0 - 0 - 1 -download.sopcast.com/download/SopCast.zip United States 162.250.235.54
2015-08-20 22:19:15 0 - 1 - 1 -download.sopcast.com/download/SopCast.zip United States 178.18.19.214
2015-08-01 16:15:17 0 - 0 - 1 -download.sopcast.com/download/SopCast.zip United States 162.250.235.54
polonus (volunteer website security analyst and website error-hunter)
« Last Edit: August 31, 2015, 11:05:31 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!