New spy / adware? buy.internettraffic.com sell.internettraffic.com

buy.internettraffic.com sell.internettraffic.com

  • This topic is locked
3 replies to this topic

#1 highplains

    New Member

  • Members
  • 7 posts

Posted 07 February 2013 - 12:37 PM

So, I'm a new security person at my company. I check through the firewall logs a few times a week looking for odd things.

I searched for DNS queries going straight out to the internet from our clients (as they should never do that; they should only go to internal DNS servers).

I found a PC making DNS queries out to 4 different DNS servers (we deny the requests). Then another PC, and now I have a third PC making these requests.

Neither ForeFront, MalwareBytes, our IDS or ComboFix detected anything when we scanned with them. In every case so far we have reimaged. I have an infected laptop at my desk but I have not done any analysis yet.

I can't find much info via Google. Is this something new that isn't on anyone's radar yet?

All I know is my client PCs should NOT be making requests out to odd DNS servers, so it's mal/ad/spyware.

Here are the DNS servers they reach out to:
176.74.176.170 sell.internettraffic.com
176.74.176.169
208.87.35.120 buy.internettraffic.com
208.87.35.121

hxxp://internettraffic.com/ - very ambiguous - no idea what "service" is being provided
hxxp://www.malwareurl.com/ns_listing.php?ns=buy.internettraffic.com
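
The check described in post #1 (client DNS queries that go straight out instead of to the internal resolvers), as an added example that is not part of the original thread. The key=value log layout, the internal resolver addresses and the client subnet are constructed assumptions; the outside DNS server addresses in the sample are the ones listed in the post.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original post): the resolver addresses, the
# client subnet and the key=value log layout below are all constructed.
INTERNAL_RESOLVERS = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.0.54")}
CLIENT_NET = ipaddress.ip_network("10.0.0.0/8")

SAMPLE_LOG = """\
2013-02-07T09:14:02 action=deny proto=udp src=10.1.20.31 dst=176.74.176.170 dport=53
2013-02-07T09:14:02 action=allow proto=udp src=10.1.20.31 dst=10.0.0.53 dport=53
2013-02-07T09:14:05 action=deny proto=udp src=10.1.20.31 dst=208.87.35.120 dport=53
2013-02-07T09:15:40 action=allow proto=tcp src=10.1.20.44 dst=203.0.113.10 dport=443
2013-02-07T09:16:11 action=deny proto=tcp src=10.1.22.7 dst=208.87.35.121 dport=53
2013-02-07T09:16:12 action=allow proto=udp src=10.0.0.53 dst=198.51.100.4 dport=53
malformed line without fields
"""

def parse_line(line):
    """Return the key=value fields of one log line, or None if unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"src", "dst", "dport", "proto"} <= fields.keys():
        return None
    try:
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
        fields["dport"] = int(fields["dport"])
    except ValueError:
        return None
    return fields

def direct_dns_clients(log_text):
    """Map each client to the outside DNS servers it tried to reach directly."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["dport"] != 53 or f["proto"] not in ("udp", "tcp"):
            continue
        if f["src"] in INTERNAL_RESOLVERS or f["src"] not in CLIENT_NET:
            continue  # the resolvers themselves are allowed to recurse outward
        if f["dst"] in CLIENT_NET:
            continue  # lookup stayed inside the network (e.g. internal resolver)
        hits[str(f["src"])][str(f["dst"])] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, dsts in sorted(direct_dns_clients(SAMPLE_LOG).items()):
        print(src, sorted(dsts.items()))
```

Denied and allowed flows are both counted, since a denied query still identifies a client that is trying to bypass the internal resolvers.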

#2 highplains

Posted 07 February 2013 - 01:06 PM

Sorry, I should have posted this in the Research Center section.

I'm sure an admin will be kind enough to move this thread :)

#3 highplains

Posted 08 February 2013 - 04:11 PM

Now I've got another person with this... sigh
Sorry about being a noob, I'll get the SANS SIFT kit or something and try to find a sample binary I can submit.

#4 S!Ri

    Forum Deity

  • Moderators
  • 10,411 posts
  • Gender:Male

Posted 09 February 2013 - 03:55 AM

Hi,

Looks like you posted your issue in the wrong forum :)

If you're having Malware related issues with your computer that you're unable to resolve.
S!Ri
Research Engineer
