[Abuse #DZFXGNMLJT] OVH: SBL notification

OVH: SBL notification

Hello,

Your service ip-145.239.32.176/30 has been reported by Spamhaus as a high threat to OVH's network.

The Spamhaus Project is an international nonprofit organization that monitors spam and related cyber threats such as phishing, malware and botnets.

The technical details showing the aforementioned problem are below.

You should investigate and fix this issue as fast as possible, as it constitutes a violation of our terms of service.

To fix this issue, we recommend that you follow these steps:

1. Reinstall a previous, known-safe backup of the reported service; otherwise, delete every suspicious file to avoid being infected again.
2. Change your passwords (FTP, CMS, database, …).
3. Update/upgrade your CMS and/or operating system to install the latest security patches.
4. Be sure that every single threat has been removed before you reply.

If you need assistance, you can reach our support or contact an IT professional.

Please reply to this e-mail indicating which measures you have taken to stop the abusive behaviour.

Until then, we might have to suspend your service to protect our network.

Cordially,

The OVH Abuse team.


— start of the technical details —

————————————————————————
SBL538295 — The Spamhaus Project — SBL International Anti-Spam System
————————————————————————

Hello ovh.net Abuse Desk,

This is an automated message from the Spamhaus Block List (SBL) database
to advise that the IP below has been added to sbl.spamhaus.org:

IP/cidr: 145.239.32.179

Problem: *** BOTNET CONTROLLER LISTING ***

RedLineStealer botnet controller @145.239.32.179

SBL Ref: SBL538295

The reason for listing the IP address(es) is explained at the url:
https://www.spamhaus.org/sbl/query/SBL538295

— end of the technical details —


The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 145.239.32.179 on port 27763 TCP:
$ telnet 145.239.32.179 27763
Trying 145.239.32.179...
Connected to 145.239.32.179.
Escape character is '^]'.

Referencing malware samples (MD5 hash):
267a7993a596998743aba38299531ff0 — AV detection: 43 / 68 (63.24%)
51059f0b8dea23a1d153ae103abd2e50 — AV detection: 28 / 66 (42.42%)
a69fd26cb9d1bc4955ed27b20107e29f — AV detection: 30 / 68 (44.12%)
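The notice above gives a responder three concrete things to verify on the listed host: whether the IP is still in the SBL, which process owns the reported controller port, and whether any file on disk matches the referenced sample hashes. The Python below is an added worked example and is not part of the OVH notice, the Spamhaus listing, or any OVH/Spamhaus tooling. It assumes the standard DNSBL convention (octets reversed, zone appended) and Spamhaus's published 127.0.0.x return codes; the `ss -lntp` output and the process name "unknown-bin" are constructed sample data, and the only real identifiers are the IP, port and MD5 values quoted in the listing.

```python
"""Triage helpers for an SBL botnet-controller report (added example)."""
from __future__ import annotations

import hashlib
import ipaddress
import re
import socket
from pathlib import Path

# --- 1. Is the IP (still) listed in the Spamhaus SBL? ---------------------
SBL_ZONE = "sbl.spamhaus.org"

# Meaning of the 127.0.0.x answers (subset of Spamhaus's documented codes).
# The SBL zone itself returns .2, .3 and .9; the XBL/PBL codes appear when
# querying zen.spamhaus.org, which combines all lists.
RETURN_CODES = {
    "127.0.0.2": "SBL listing",
    "127.0.0.3": "SBL CSS listing",
    "127.0.0.4": "XBL listing (infected host / open proxy)",
    "127.0.0.9": "SBL DROP/EDROP listing",
    "127.0.0.10": "PBL listing (ISP maintained)",
    "127.0.0.11": "PBL listing (Spamhaus maintained)",
}


def dnsbl_query_name(ip: str, zone: str = SBL_ZONE) -> str:
    """Build the DNSBL name: octets reversed, zone appended.
    145.239.32.179 -> 179.32.239.145.sbl.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def interpret_answer(answer: str) -> str:
    """Translate the A record returned for a listed IP into a verdict."""
    a = ipaddress.IPv4Address(answer)
    # 127.255.255.0/24 is Spamhaus's error range (query sent through a
    # public/open resolver, query limit exceeded, ...): NOT a listing.
    if a in ipaddress.IPv4Network("127.255.255.0/24"):
        return "query error (not a listing)"
    if a not in ipaddress.IPv4Network("127.0.0.0/8"):
        return "unexpected answer"
    return RETURN_CODES.get(str(a), "listed (code not in table)")


def check_sbl(ip: str) -> str | None:
    """Live DNS lookup; None means NXDOMAIN, i.e. not listed.
    Use the host's own/ISP resolver, not a public one, for a real answer."""
    try:
        answer = socket.gethostbyname(dnsbl_query_name(ip))
    except socket.gaierror:
        return None
    return interpret_answer(answer)


# --- 2. Which process owns the reported controller port? -----------------
# Run `ss -lntp` as root on the host and feed its output to this function.
SS_LISTEN = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s*(.*)$")
SS_PROC = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def listeners_on_port(ss_output: str, port: int) -> list[dict]:
    """Return {bind, port, processes: [(name, pid), ...]} for every LISTEN
    socket bound to `port`. An empty list after cleanup is the recheck for
    step 4 of the notice (nothing listens on the reported port any more)."""
    hits = []
    for line in ss_output.splitlines():
        m = SS_LISTEN.match(line.strip())
        if not m or int(m.group(2)) != port:
            continue
        procs = [(name, int(pid)) for name, pid in SS_PROC.findall(m.group(3))]
        hits.append({"bind": m.group(1), "port": port, "processes": procs})
    return hits


# Constructed sample of `ss -lntp` output (not captured from any real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    0.0.0.0:27763        0.0.0.0:*          users:(("unknown-bin",pid=2211,fd=5))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# --- 3. Does any file on disk match the samples cited in the listing? -----
REFERENCED_MD5 = {
    "267a7993a596998743aba38299531ff0",
    "51059f0b8dea23a1d153ae103abd2e50",
    "a69fd26cb9d1bc4955ed27b20107e29f",
}


def md5_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_file(path: Path) -> str:
    """Chunked MD5 so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_referenced_samples(root: Path, wanted: set[str] = REFERENCED_MD5) -> list[Path]:
    """Walk `root` and return regular files whose MD5 is a cited sample."""
    found = []
    for p in root.rglob("*"):
        try:
            if p.is_file() and not p.is_symlink() and md5_file(p) in wanted:
                found.append(p)
        except OSError:  # unreadable or vanished during the walk
            continue
    return found


if __name__ == "__main__":
    ip = "145.239.32.179"
    print("query name:", dnsbl_query_name(ip))
    print("SBL verdict:", check_sbl(ip))
    print("port 27763 listeners:", listeners_on_port(SAMPLE_SS, 27763))
    print("matching samples under cwd:", find_referenced_samples(Path.cwd()))
```

A hit from `find_referenced_samples` only tells you a known sample sits on the box; the absence of a hit proves nothing, since a controller binary need not be one of the three referenced samples, which is why the port-to-process mapping is the more useful check on the host itself.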
