Author Topic: What is possible JKDDOS download b.ex-?  (Read 1452 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
What is possible JKDDOS download b.ex-?
« on: June 17, 2012, 05:33:56 PM »
Avast detects, see: https://www.virustotal.com/file/d70820027e476b295f41b01e9a65d878995dce2c6904235e50c149b818bea636/analysis/
as Win32:Malware-gen - we are being protected
Detected: BDS/IRCBot.FY.268 alive since: 2012-06-17 11:20:26
See: http://camas.comodo.com/cgi-bin/submit?file=d70820027e476b295f41b01e9a65d878995dce2c6904235e50c149b818bea636
See: http://minotauranalysis.com/search.aspx?q=a391f0e0928cc8fe8cacf02a4a8625f5
Now on the IDS detection:
IDS flag, see: http://urlquery.net/report.php?id=70010 ET CURRENT_EVENTS Possible JKDDOS download b.exe
What is the meaning of this IDS alert?
From a technical point of view, the JKDDOS family appears quite unremarkable and shares many characteristics common to other Chinese DDoS malware such as YoyoDDoS, Avzhan, Chcod, and Darkshell. What do we have here?
Fake AV also found for that IP, also active in e-mail scams.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!