
3 - Network provider mistakes Launcher for Malware


420scoper


Name: Network provider mistakes Launcher for Malware.

Severity: 3

Location: Executing the Launcher/establishing a connection to the server.

Reproducibility: Always.

Description: Whenever I execute the launcher and a connection to the server is established, I get the e-mail quoted at the end of the bug report.

My network provider mistakes the launcher for malware, which results in my network socket being disabled.

Additional Information: I'm connecting to a VPN in order to have internet access.

"Hello!

For your user id ******* / network socket id *******
a infection with a malware was reported. One of your connected devices
might be infected.

Additional information to this case:

Malwaretype: TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)
IP-Address: ***.**.***.***
Timestamp: 2018-06-18 23:56:09+02:00
Reference: Snort ID 2021013

For your own safety, please check all the connected devices for a virus
infection. Please also keep in mind, that in case of a infection
all stored or entered data (Logins, credit card numbers,
bank account, ...) might be now in the hand of third persons.
In case of doubt, please take actions accordingly.

You can get information and help at the US Cert website using the
following short-link:

http://1.usa.gov/VHaeIa

If a malware detection is detected multiple times, the network
socket may be automatically disabled.

This is an automated Message."
