Author Topic: Does avast detect AVTECH_IP_CAMERA_WORM?  (Read 1016 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Does avast detect AVTECH_IP_CAMERA_WORM?
« on: March 03, 2019, 07:14:01 PM »
Where it resided: at IP -138.68.0.152 ; nginx 1.14.0 (Ubuntu) ; Digital Ocean LLC  AS14061 Linux 3.1.-3.10 last seen 2019-01-31
See: https://www.shodan.io/host/138.68.0.152
Remove semantic-ui from dependencies:
RE: https://snyk.io/test/npm/semantic-ui  and  https://snyk.io/test/npm/semantic-ui
Detected via: https://github.com/GreyNoise-Intelligence/api.greynoise.io/blob/master/README.md

From that same Santa Clara base: -https://beta.finret.com/ Did not follow redirect to -https://68.183.249.126/
44 hints to improve that website:
https://webhint.io/scanner/4a63b065-1a5b-4291-aa12-e3a08b3d7e71
of which 15 security related: https://webhint.io/scanner/4a63b065-1a5b-4291-aa12-e3a08b3d7e71#Security
Vulnerable: Security Checks for -https://beta.finret.com
(4) Susceptible to man-in-the-middle attacks
HTTP Strict Transport Security (HSTS) not enforced
HSTS header does not contain max-age
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion

Vulnerabilities can be uncovered more easily

(2) Unnecessary open ports
App ports open
Administration ports open
Also consider: https://toolbar.netcraft.com/site_report?url=https://beta.finret.com  (1 red out of 10 Netcraft Risk rating).
Earlier known as:
Date resolved   Domain on IP 68.183.249.126
2019-03-01   dns102.monetizar2.com
2019-02-26   dns102.motoaxdb.com  no secure connection: NET::ERR_CERT_COMMON_NAME_INVALID

What kind of abuse is the IP involved in:
Quote
NETIS_ROUTER_ADMIN_SCANNER_HIGH   activity   Null   high   2019-02-02   2019-02-02
REALTEK_MINIIGD_UPNP_WORM_CVE_2014_8361   worm   malicious   high   2019-02-02   2019-02-02
SSH_WORM_HIGH   worm   malicious   high   2019-02-01   2019-02-03
SSH_SCANNER_HIGH   activity   Null   high   2019-02-01   2019-02-03
HUAWEI_HG532_UPNP_WORM_CVE_2017_17215   worm   malicious   high   2019-02-01   2019-02-01
AVTECH_IP_CAMERA_WORM   worm   malicious   high   2019-01-31   2019-01-31
WEB_CRAWLER   activity   Null   high   2019-01-31   2019-02-02
CGI_SCRIPT_SCANNER   scanner   malicious   low   2019-01-31   2019-01-31
WEB_SCANNER_HIGH   activity   Null   high   2019-01-31   2019-02-02
SSDP_UPNP_SCANNER_LOW   activity   Null   low   2019-01-31   2019-01-31
HTTP_ALT_SCANNER_LOW   activity   Null   low   2019-01-31   2019-01-31
ZMAP_CLIENT   tool   Null   high   2019-01-31   2019-02-04
Info credits go to GreyNoise Visualizer

polonus
« Last Edit: March 03, 2019, 07:39:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: Does avast detect AVTECH_IP_CAMERA_WORM?
« Reply #1 on: March 03, 2019, 07:48:19 PM »
Thanks for the information. The IP will be blocked and I will forward the info about GreyNoise to other people in the Lab.