Author Topic: IP to be blocked - detection 7 hrs ago...  (Read 558 times)


Online polonus

IP to be blocked - detection 7 hrs ago...
« on: February 03, 2019, 12:35:52 AM »
Re: https://urlhaus.abuse.ch/url/116136/ various detections for this IP.
Malware: https://www.maltiverse.com/search;query=blacklist.description:%22Malware%20Download%22;page=1;sort=query_score
Also: https://www.malwareurl.com/listing.php?as=AS53667&active=on
Also listed here: http://tracker.h3x.eu/corpus/5000
Not detected: https://www.virustotal.com/#/url/e097a3ffbe466696640e96dc2a5d3dea2e5f52bd9ed7fcf97767c0f452e706a6/detection
16 engines now detect, as does Avast's: https://www.virustotal.com/#/file/4610b78e5faf98bad186ab3e0e7653d05c72c0e2c47796afa3c845b226e3fb6f/detection
Quote
What is ELF:DDoS-Y?
ELF:DDoS-Y is a trojan that comes hidden in malicious programs. Once you install the source (carrier) program, this trojan attempts to gain "root" access (administrator level access) to your computer without your knowledge.

Trojans like ELF:DDoS-Y are difficult to detect because they hide themselves by integrating into the operating system. Once it infects your computer, ELF:DDoS-Y executes each time your computer boots and attempts to download and install other malicious files. Upon successful execution, it deletes the source program, making it more difficult to detect.
info source: Malware Encyclopedia.

polonus
« Last Edit: February 03, 2019, 12:40:54 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

« Last Edit: February 03, 2019, 01:53:15 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Online polonus

Re: IP to be blocked - detection 7 hrs ago...
« Reply #2 on: February 03, 2019, 02:15:58 PM »
Hi Pondus,

Thanks for the confirmation and elaboration. This shows to all and everyone over how short a time period malware is being spread.
Overdue malware, staying on longer than 1.000 hrs, is really a rare beast. The types of malware that are persistent and (inter)related are all variations on earlier patterns.
The malcreant, like the devil, always takes to the same methods and routines to do evil.

So keeping the right attitudes and online behavior will mean one may be less susceptible to malware infections.

polonus