I submitted the URL earlier and I received an email, I just replied to the email and attached the zip file (I zipped it again with the password infected).
Malicious website escaping secure dns
- Thread starter Parkinsond
- Start date
Sadly missed all the drama as NextDNS blocks it right away as of noon PST
When was fresh (hours ago), even the mighty K did not detect, not to mention the nice G safe browsing.
Dunno, no mood to read all the topics back haha
Late to the party; I doubt was detected by NordVPN at this point of time; otherwise, it is better than K, ESET, and McAfee.
You judged it is better because of one sample?
Now it is flagged by G Safe Browsing
Edit
Kaspersky and Fortinet now detect it as well.
Edit
Kaspersky and Fortinet now detect it as well.
Last edited:
Expected; what matters which one detected it earlier.
It was already dead when @harlan4096 posted the screenshot of the link lead to by the "update" button.
But I am not sure it was dead when I first posted hours before the screenshot; I did not try to click.
No it was not dead. How did I manage to download the fake installer? I downloaded it after harlan's test.
Personally I do not see this as a real threat. What are the chances to visit such a link? And as we can see it does not live for so long. It died after hours.
My Christmas Wizz list..... For VT to have timestamps of which AV detected it first,mid and last.
That will show who are the contenders and pretenders
A FYI on blocking Malicious sites aka drive-by's.
Blocking a drive-by malicious site is instant at the browser level but staged across the internet's infrastructure. While modern browsers block the specific URL everywhere at once using real-time cloud lookups, the wider rollout involves ISPs and DNS servers, which introduce significant delays. DNS updates can take 24–48 hours to propagate globally due to caching, and individual ISPs often block sites regionally rather than globally, meaning a site effectively "rolls out" to being blocked worldwide rather than disappearing for everyone simultaneously.
Blocking a drive-by malicious site is instant at the browser level but staged across the internet's infrastructure. While modern browsers block the specific URL everywhere at once using real-time cloud lookups, the wider rollout involves ISPs and DNS servers, which introduce significant delays. DNS updates can take 24–48 hours to propagate globally due to caching, and individual ISPs often block sites regionally rather than globally, meaning a site effectively "rolls out" to being blocked worldwide rather than disappearing for everyone simultaneously.
and to avoid, no need for sophisticated security software, just the way of thinking and logic.
I think VT is intentionally missing the timestamp; no need for conflicts with the supporting vendors.
But let's be real, sometimes one can unconsciously and unintentionally fall for it.
Like when youre on your device and have not slept for three days hahahahah
You may also like...
-
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches- Started by Parkinsond
- Replies: 5
-
eScan confirms update server breached to push malicious update- Started by andytan
- Replies: 43
-
-
Korean malware removal tool I have never heard about before
- Started by Parkinsond
- Replies: 19
-
