Author Topic: Tumblr Triggering A Botnet Response  (Read 972 times)

Offline avastmemateys

  • Newbie
  • *
  • Posts: 3
Tumblr Triggering A Botnet Response
« on: October 23, 2023, 04:18:17 PM »
I went to a Tumblr link located here:

https://wh40kartwork.tumblr.com/post/190753944426/eldar-party-by-diego-gisbert-llorens

When I arrived at the page, without clicking anything, I received:

"Threat secured
We've safely aborted connection on tcp://192.0.77.40:443 because it was infected with Botnet:Blacklist"

Details were:

"Threat name: Botnet:Blacklist
URL: tcp://192.0.77.40:443
Process: C:\windows\system32\drivers\rivetnetworks\killer\killernetworkservice.exe
Detected by: Web Shield
Status: Connection aborted"

The IP address is registered to Tumblr's parent company, Automattic, when I check it online (just a quick check, I didn't delve too deep) and port 443 is for secure web traffic.  I reported this as a potential false positive using Avast's report form but no response so far.

Does anyone else have any information on this?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Tumblr Triggering A Botnet Response
« Reply #1 on: October 23, 2023, 06:49:18 PM »
Sounds like there is a redirect from the link you clicked and one that Avast doesn't like.  Also it would appear that connection is trying to download something to your system.
Though this isn't an area that I'm familiar with. - see https://en.wikipedia.org/wiki/Transmission_Control_Protocol

Attaching a screenshot (in the post) of the Avast alert window with the Details option selected would have been helpful.
Though the limited details are helpful, does killernetworkservice mean anything to you?
https://www.google.co.uk/search?q=killernetworkservice

Having reported it to Avast - You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline avastmemateys

  • Newbie
  • *
  • Posts: 3
Re: Tumblr Triggering A Botnet Response
« Reply #2 on: October 24, 2023, 03:23:32 AM »
I typed out everything that was in the details view of the alert.  There was no other information.

Killer Network Service is an internet/wifi management program that assists with load distribution.  It's pretty common for gaming and comes bundled with Dell computers (and their subsidiaries).

Still waiting on an answer from Avast's team but I'll make sure to update when I get one.

Offline avastmemateys

  • Newbie
  • *
  • Posts: 3
Re: Tumblr Triggering A Botnet Response
« Reply #3 on: October 24, 2023, 04:02:09 PM »
Just heard back from the Avast team! 

"The reported URL was checked by Avast virus specialists and based on the findings the detection was removed.  The website is now marked as clean in the Avast virus database" for anyone curious!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Tumblr Triggering A Botnet Response
« Reply #4 on: October 24, 2023, 05:45:58 PM »
Thanks for the confirmation.