Wicked

  1. Long story short, there is a massive phishing campaign going on assisted by fake news and the email contains some links such as these. I am here to report these, VirusTotal is unable to detect anything but the behavior is suspicious already. Save this JavaScript, might be dangerous and relevant for the analysis, it's obfuscated (came from the source code of one of the following links): https://api.b2c.com/api/init-607fc50a7q9gbqtx6p6.js The hyperlinked text in the email redirects to several URLs like these: http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc4/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFyuCvepFzO6Gi_7mTyxpEHBeobYfYuMKxKF30_nRv5kdBS5o8DWw7zWwaKHPicgJEbi2mIcO09HMayTwoan5hE1cmytgCJaAhI-l7ev-4o3mj7drBut5GMaWk_bdZMloV8tbO0p0IuS3g9LFpxs-MrZZXFvv1IUW9mIDinWMAisyKO0YxWWoDaYakLM-WjT6-28_oIzktSoIRFnqNi6mzOj05IBTsE4voYqZwAj-6-kW3WL2ZdHK1elojTfMIXhkIQ== http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc5/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFzPG-zH7Z8Axr6nl0B3NK8Oe7rrqH8l-9KF30_nRv5kdIFdJ4JByjkh0LDjb0_vYeMF5FrNsmjk0yCxHOQEea5D71LZ16xxHfU-jLNCm8kZ2NWSpuVhwfSZWa1u0svKt6VG3qmegcJmKUTqBQwYa1FGa-jt3plckiARUTd_iNt21hpVWCd3eWlnbNU1oow4p0wVzMEaYF6wgVH6Io0XoMus8whCpPOrU82IAxf9c_Kl7FxRBMDLJOe1zYKSDKyTEiq7jrk9JUCdWt9YwW13jtHo= Which come from a realistic phishing email, as shown: The final URL is: www.YahooDataBreachSettlement.com Notice yahoo.net rather than yahoo.com
  2. @exile360 Precisely this, a custom block list. I couldn't come up with a shorter and straighter definition, hehe.
  3. Sure thing, but it's so uncommon to happen with Kaspersky compared to BD, I'll let you know if it happens.
  4. Yes, I am aware - I've done it several times, thanks though! Edit: The point of this post though wasn't 100% about reporting false negatives, that's just a part of my suggestion - What I really wanted was a way to block a URL at my own wish, detected or not by MBAM.
  5. Happened again with Kaspersky, it's way less common than what it used to be with BitDefender but I had all .exe files added to trusted applications and exe & sys files to exclusions of all types in the antivirus software. This doesn't bother me once or twice, just wanted to let you know, it's weird though.
  6. The Anti-Rootkit crash just happened with Kaspersky antivirus free. I have had it for a few days and haven't had any trouble until now, it happened during a hyper scan (it's not the first time I run a hyper scan while using Kaspersky, so I really don't know what happened here). I added all files specified below to Kaspersky's Exclusions & Trusted App settings. I'll report any other problems to you guys.
  7. Hello everyone, today I was searching the web and I realized that some websites have popups that open one certain domain, which by itself redirects the client to an advertisement page in a specific language. None of the websites/domains were detected as dangerous but they are quite annoying and I believe most are unwanted and potentially dangerous, and I was wondering if there was a way to block them by our own choice. I figured out that we can't do this, so I was going to suggest MBAM to add the opposite of "Exclusions". (I don't feel like paying for some sort of parental control third-party software or extension just for one browser, I wanted something really in MBAM that allowed me to block a possible threat no matter how I access it) Either in the exclusions tab or quarantine tab, there could be a button like "Add Threat", select "File/URL" checkbox (optionally a checkbox for something such as "Send for False Negative analysis" but this one would probably give you a lot of work especially if people sent files randomly, captcha would help, I guess?). So we could block URLs at least, hopefully files too and optimally having a way to submit them to you when we find them suspicious. Thanks for your time! An example of an advertising-related website that annoys me from time to time: https://www.virustotal.com/en/ip-address/35.188.59.75/information/ Final note: I'm free of adware and malware, I do regular full scans with MBAM & Other antiviruses, AdwCleaner, etc
  8. Ever since I did a full uninstall on BitDefender I haven't had any issues with MBAM3.. :') I never had to reinstall MBAM3 so it's pretty much all the same, only BD has been removed. I'll probably look for Kaspersky Free but I'm unsure if I should go for it. For now I'll just wait a bit - I wish BitDefender would add a way to exclude Malwarebytes though..
  9. Absolutely no malware in my computer, did custom scan + rootkit scan on Malwarebytes and did a full scan with Emsisoft (EEK - also no malware found; Emsisoft uses Bitdefender's engine and their own; so I'm positive this machine is clean). No problems so far after uninstalling BitDefender Free (I restarted several times and I have changed MBAM's settings back to default). If something happens even without Bitdefender Free I'll let you know. Thanks for your time!
  10. This "Bitdefender Free" Software doesn't allow users to manually add processes/files to the exclusions, only URLs, only the ones that are actually detected. No logs here. I will do the scans in Safe-Mode and uninstall BitDefender completely to see if the problem remains, sounds good? In no way does it let me add files or processes to the exclusions and I find that quite ridiculous, even for a Free product - but it's what I've been using for ages and it's light and quiet.
  11. I hope this helps. Have a nice day! mb-check-results.zip
  12. I'm having the exact same issue. MBAM is constantly asking if I want to reboot the computer due to issues with that DDA driver and, for some reason, sometimes after messing with settings and rebooting the protections start to fail. Usually the Web and Malware protections. Sometimes messing with self protection module/early start/delay will fix it for a short period of time but the problem usually returns :') I use BitDefender Free, I don't know if it is at all relevant but this antivirus is a professional at messing other software up. (Past Personal Experience) EDIT: This started in late 2017, probably (but not sure) around/after September, I always keep it up-to-date (no Beta)