2017-12-01 - EITEST CAMPAIGN FAKE ANTI-VIRUS ALERT

ASSOCIATED FILES:

  • 2017-12-01-EITest-campaign-fake-av-traffic.pcap   (316,234 bytes)
  • 2017-12-01-EITest-campaign-fake-av-page-audio.mp3   (262,144 bytes)
  • 2017-12-01-EITest-campaign-fake-av-page-html.txt   (9,746 bytes)
  • 2017-12-01-page-from-accutech.net-with-injected-EITest-campaign-script.txt   (17,843 bytes)

 

BACKGROUND:

 

WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains:

 

TRAFFIC


Shown above:  Injected script in page from compromised site.

 


Shown above:  Network traffic filtered in Wireshark.

 

NETWORK TRAFFIC FROM MY LAB HOST:

 

IMAGES


Shown above:  Fake anti-virus page.

 


Shown above:  Pop-up from fake anti-virus page.

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
