IP to be blocked - detection 7 hrs ago...

[polonus]

Re: https://urlhaus.abuse.ch/url/116136/   various detections for this IP.
Malware: https://www.maltiverse.com/search;query=blacklist.description:%22Malware%20Download%22;page=1;sort=query_score
Also: https://www.malwareurl.com/listing.php?as=AS53667&active=on
Also listed here: http://tracker.h3x.eu/corpus/5000
Not detected: https://www.virustotal.com/#/url/e097a3ffbe466696640e96dc2a5d3dea2e5f52bd9ed7fcf97767c0f452e706a6/detection
16 engines now detect, as does avast's: https://www.virustotal.com/#/file/4610b78e5faf98bad186ab3e0e7653d05c72c0e2c47796afa3c845b226e3fb6f/detection

What is ELF:DDoS-Y?
ELF:DDoS-Y is a trojan that comes hidden in malicious programs. Once you install the source (carrier) program, this trojan attempts to gain "root" access (administrator level access) to your computer without your knowledge.

Trojans like ELF:DDoS-Y are difficult to detect because they hide themselves by integrating into the operating system. Once it infects your computer, ELF:DDoS-Y executes each time your computer boots and attempts to download and install other malicious files. Upon successful execution, it deletes the source program, making it more difficult to detect.

info source: Malware Encyclopedia.

polonus

[Pondus]

Not detected: https://www.virustotal.com/#/url/e097a3ffbe466696640e96dc2a5d3dea2e5f52bd9ed7fcf97767c0f452e706a6/detection

Yes it is .... with a fresh scan   

16 engines now detect, as does avast's: https://www.virustotal.com/#/file/4610b78e5faf98bad186ab3e0e7653d05c72c0e2c47796afa3c845b226e3fb6f/detection

ehm ... 23 with a fresh scan   



Technical description from Symantec
https://www.symantec.com/security-center/writeup/2014-120115-3009-99#summary

[polonus]

Hi Pondus,

Thanks for the confirmation and elaboration. This shows for all and everyone, how over what short time period malware is being spread.
Overdue malware, staying on longer than a 1.000 hrs is really a rare beast. The types of malware that are persistent and (inter)related, are all variations on earlier patterns.
The malcreant like the devil always takes to the same methods and routines to do evil.

So keeping the right attitudes and online behavior will mean one may be less susceptible to malware infections.

polonus

[polonus]

Another IP reported over a week ago, now not available...

Scanning IP on Sucuri's does not give results - but this scan does: https://sitecheck.sucuri.net/results/Sinastorage.com
See: https://urlhaus.abuse.ch/url/116343/
and https://www.virustotal.com/nl/file/c0e22ef071e34f0d767d069e30615bbf7c0409fe83b0ebd40947ce4fcc85d558/analysis/1548507246/
issues on site: https://webhint.io/scanner/d2fa7fe3-f04e-40fb-a0f8-60e9c3a6babc
Consider also: https://www.urlvoid.com/scan/sinastorage.com/
Re: https://otx.alienvault.com/indicator/domain/sinastorage.com   and   bucket now being taken down:
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=U1tufHN0XX18Z3suXl1t~enc

See: https://github.com/SinaCloudStorage/SinaStorage-SDK-Python/blob/master/test.py
and cloudstorage: https://github.com/SinaCloudStorage/SinaCloudStorage-SDK-Go

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)