New spy / adware? buy.internettraffic.com sell.internettraffic.com
Posted 07 February 2013 - 12:37 PM
I searched for DNS queries going straight out to the internet from our clients (as they should never do that; they should only go to internal DNS servers).
I found a PC making DNS queries out to 4 different DNS servers (we deny the requests). Then another PC, and now I have a third PC making these requests.
Neither ForeFront, MalwareBytes, our IDS nor ComboFix detected anything when we scanned with them. In every case so far we have reimaged. I have an infected laptop at my desk but I have not done any analysis yet.
I can't find much info via Google. Is this something new that isn't on anyone's radar yet?
All I know is my clients' PCs should NOT be making requests out to odd DNS servers, so it's mal/ad/spyware.
Here's the DNS server they reach out to
hxxp://internettraffic.com/ - very ambiguous - no idea what "service" is being provided
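The check described in the post above (client machines sending DNS traffic anywhere other than the internal DNS servers), as an added example that is not part of the original thread: it scans firewall log lines and lists each client with the outside DNS servers it tried to reach. The log format, resolver addresses and client subnet are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed site values (hypothetical): internal resolvers and the client address space.
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.1.0.10"), ipaddress.ip_address("10.1.0.11")}
CLIENT_NET = ipaddress.ip_network("10.1.0.0/16")

# Constructed sample lines in a made-up firewall log format (not from the thread).
SAMPLE_LOG = """\
2013-02-07T12:01:03 ALLOW UDP 10.1.4.23:51532 -> 10.1.0.10:53
2013-02-07T12:01:04 DENY UDP 10.1.4.23:51533 -> 203.0.113.10:53
2013-02-07T12:01:04 DENY UDP 10.1.4.23:51534 -> 198.51.100.7:53
2013-02-07T12:01:09 ALLOW UDP 10.1.0.10:40112 -> 192.0.2.53:53
2013-02-07T12:02:11 DENY TCP 10.1.7.88:49822 -> 203.0.113.10:53
2013-02-07T12:02:15 ALLOW TCP 10.1.7.88:49830 -> 192.0.2.80:443
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>UDP|TCP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def rogue_dns_clients(log_text):
    """Map each client IP to the non-approved DNS servers it tried to reach."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "53":
            continue  # unparsable line, or not DNS (UDP and TCP 53 both count)
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address
        # Resolvers forwarding upstream are expected; so are clients asking them.
        if src in INTERNAL_RESOLVERS or dst in INTERNAL_RESOLVERS:
            continue
        if src in CLIENT_NET:
            hits[str(src)].add(str(dst))
    return {client: sorted(servers) for client, servers in hits.items()}

if __name__ == "__main__":
    for client, servers in sorted(rogue_dns_clients(SAMPLE_LOG).items()):
        print(f"{client} queried unapproved DNS servers: {', '.join(servers)}")
```

Denied attempts are counted as well as allowed ones, since a blocked query still identifies the machine that sent it.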
Posted 08 February 2013 - 04:11 PM
Sorry about being a noob, I'll get the SANS SIFT kit or something and try to find a sample binary I can submit.
Posted 09 February 2013 - 03:55 AM
Looks like you posted your issue in the wrong forum.
If you're having malware-related issues with your computer that you're unable to resolve:
- Please read and follow the instructions provided here: I'm infected - What do I do now?
- If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
- When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.