
New IP attack



Starting two days ago my system has been bombarded with the following. Here is a very short example of the repeated attacks. Malwarebytes and NOD32 notifications were popping up continually nonstop.

 

You can see the port numbers systematically advance with each attack.

Detection, 10/22/2014 2:41:38 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65423, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:43 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65428, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:48 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65430, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:53 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65432, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:58 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65434, Outbound, C:\Windows\explorer.exe,

 

I can find nothing unusual running in startup when running msconfig.

I added the following to my hosts file to quell the attacks for now, but I still have no idea why the attacks are happening.

 

127.0.0.1 zzsqluwqmgjbjfjow.com

 

I have found that IP 185.48.58.8, zzsqluwqmgjbjfjow.com, was initially launched 10/15/2014. It appears to be based in Yugoslavia unless this is a false proxy.

 

I will continue to research this issue. I have also noted that the attack appears to be outbound like my system is infected, but Malwarebytes and NOD32 indicate no infections found.


Greetings and welcome,

I checked with our Research team and was told that this IP address is a known botnet command and control (C&C) server, so I'd highly recommend following the instructions in this topic and creating a new topic in this area with the requested logs, or, if you wish to be assisted via email, you may contact our Support team directly here and they will assist you.
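
The log excerpt in the first post can be checked mechanically for one process repeatedly reaching for the same destination at a fixed interval. The following is an added example, not part of the original thread or of any vendor tooling; the field positions are inferred from the five lines shown, and the thresholds `min_events` and `max_jitter` are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# The five log lines quoted in the first post, unchanged.
SAMPLE_LOG = r"""Detection, 10/22/2014 2:41:38 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65423, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:43 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65428, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:48 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65430, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:53 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65432, Outbound, C:\Windows\explorer.exe,
Detection, 10/22/2014 2:41:58 PM, SYSTEM, NZXT, Protection, Malicious Website Protection, IP, 185.48.58.8, zzsqluwqmgjbjfjow.com, 65434, Outbound, C:\Windows\explorer.exe,
"""

def parse_line(line):
    """Split one protection-log line; field positions are inferred from the lines above."""
    f = [p.strip() for p in line.split(",")]
    if len(f) < 12 or f[0] != "Detection":
        return None
    try:
        return {"time": datetime.strptime(f[1], "%m/%d/%Y %I:%M:%S %p"),
                "ip": f[7], "domain": f[8], "port": int(f[9]),
                "direction": f[10], "process": f[11]}
    except ValueError:  # malformed timestamp or port: skip the line
        return None

def find_beacons(text, min_events=4, max_jitter=1.0):
    """Report process/destination pairs blocked repeatedly at a steady interval.

    min_events and max_jitter (seconds) are assumed thresholds, not vendor values.
    """
    groups = defaultdict(list)
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["direction"] == "Outbound":
            groups[(ev["process"], ev["domain"], ev["ip"])].append(ev)
    findings = []
    for (process, domain, ip), evs in groups.items():
        if len(evs) < min_events:
            continue
        evs.sort(key=lambda e: e["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(evs, evs[1:])]
        if pstdev(gaps) <= max_jitter:  # near-constant spacing suggests timer-driven retries
            findings.append({"process": process, "domain": domain, "ip": ip,
                             "count": len(evs), "interval_s": mean(gaps),
                             "ports": [e["port"] for e in evs]})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```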
