Only Norman to detect this downloader?

See: https://www.virustotal.com/nl/url/528c2979d50678bf526c466fb79b57d026ba543e1bc2381948f814ae4fe1295f/analysis/1432403644/
Website category:
Dr.Web: known infection source
Websense ThreatSeeker: malicious web sites
3 IDS alerts: http://urlquery.net/report.php?id=1432403853853
See: https://www.malwarepatrol.net/cgi/submit?action=stats&s=domains

polonus

More seem to detect this generic detection, but Avast does not.

polonus

Almost identical URL from the same IP

https://www.virustotal.com/nb/url/86ab38fa1f57d8b2c6e395fb8738b8a95a2e7218995cdc8519b60caa06f2bc31/analysis/1432415201/
https://www.virustotal.com/nb/file/58aa368c4f73111182c2042fc5bc8d7403f24b7dc197dfca4abbc3410bfeaf97/analysis/1432415205/

Avast should detect such a backdoor trojan on a restart scan and remove it.

polonus

Actual file not detected by Avast! yet (second vt link)?

Hi,
We detect the file right now by DomainRep. I will create a stronger detection, as well as block all the domains we spotted:
110.173.51.18
cream5566.com
onion5566.com
sky2266.com
top9933.com

Thanks for letting us know!