Author Topic: Adware Graftor site not being blocked...


Offline polonus

Adware Graftor site not being blocked...
« on: January 09, 2019, 12:28:21 AM »
Many detections here on communicating files: https://www.virustotal.com/#/domain/zz.bdstatic.com
Read background info: https://blog.malwarebytes.com/detections/adware-graftor/
Where we stumbled upon it: https://urlquery.net/report/ae9c51be-4ca2-4156-b8c5-5b2f79823269
and detected adware: https://privacyscore.org/site/119231/
Consider: -https://zz.bdstatic.com/linksubmit/push.js- (content see: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=enouYiNzdHx0W14uXl1tYGxbbmtzdWJtW3RgcHVzaC5qcw%3D%3D~enc)
Security vulnerabilities, 6 threats found: https://webscan.upguard.com/#/https://zz.bdstatic.com
Re: https://www.cvedetails.com/cve/CVE-2018-19540/ (through excessive server info proliferation vulnerability)
and SPDY protocol 3 vuln: https://support.f5.com/csp/article/K14059
Re: https://webhint.io/scanner/0edc96fb-df5b-431b-8c5c-708ff32e9f5b

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
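A defender-side check in the spirit of the server-info and header findings linked in the post above (the UpGuard and webhint scans). This is an added example, not code from the post or from any of the linked scanners; the response headers are constructed sample values, and the lists of disclosing and hardening headers are assumptions chosen for illustration.

```python
import re

# Constructed sample of raw HTTP response headers for a static JS host.
# These values are invented for the example; they are NOT captured output
# from zz.bdstatic.com or any other real server.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
X-Powered-By: PHP/5.6.40
Content-Type: application/javascript
Cache-Control: max-age=3600
"""

# The same response after the server stops advertising software details
# and adds the usual hardening headers (constructed, for comparison).
HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: application/javascript
Cache-Control: max-age=3600
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'
"""

# Assumed list of headers that commonly leak product and version information.
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "via"}

# Assumed minimal set of hardening headers a scanner would expect to see.
EXPECTED_HARDENING = ("content-security-policy",
                      "strict-transport-security",
                      "x-content-type-options")

# Matches "1.10.3" or "5.6" style version strings inside a header value.
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")


def parse_headers(raw):
    """Split a raw response into (status_line, {lowercased name: value})."""
    lines = raw.splitlines()
    status = lines[0] if lines else ""
    headers = {}
    for line in lines[1:]:
        if not line.strip():      # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                   # ignore malformed lines without a colon
            headers[name.strip().lower()] = value.strip()
    return status, headers


def find_info_disclosure(raw):
    """Return (header, value, reason) for every header that reveals software."""
    _, headers = parse_headers(raw)
    findings = []
    for name in sorted(headers):
        value = headers[name]
        if name not in DISCLOSING_HEADERS:
            continue
        if VERSION_RE.search(value):
            findings.append((name, value, "reveals software version"))
        else:
            findings.append((name, value, "reveals software product"))
    return findings


def missing_hardening_headers(raw):
    """Return the expected hardening headers absent from the response."""
    _, headers = parse_headers(raw)
    return [h for h in EXPECTED_HARDENING if h not in headers]


if __name__ == "__main__":
    for label, resp in (("sample", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "disclosure:", find_info_disclosure(resp))
        print(label, "missing:", missing_hardening_headers(resp))
```

The check is deliberately header-only: it needs nothing but a saved response, so it can be run over scanner exports or proxy captures without touching the host again, and it separates "names the product" from "names the version" because the latter is what makes a public CVE lookup, like the one polonus cites, directly actionable.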

Offline polonus

Re: Adware Graftor site not being blocked...
« Reply #1 on: January 09, 2019, 01:49:48 PM »
Part of this problem is existing server software mono-cultures in countries like Mainland China and Indonesia for instance.
The phishing platforms involved are more of a USA problem - as prizeforyouhere dot com was PHISHING.
Re: https://whois.domaintools.com/104.201.35.243

"Do not wear all your precious eggs in one and the same basket, as you tend to break them more easily".

But it is not only these two countries that may be affected by the Graftor Ad-PUP:

Example: https://www.superantispyware.com/malwarefiles/SOSOIM4.EXE.html

polonus

« Last Edit: January 09, 2019, 01:58:12 PM by polonus »