You are beginning to amaze me, an IP block proposition for an online-payment site? Good for some Chinese animosity I guess!
Good you edited that suggestion out, the second suggestion won’t work either.
Better if they do a clean-up there at that server, and they can, as some malware was closed after 45 minutes.
Here the Anubis Analysis of the alleged malware you reported: http://anubis.iseclab.org/?action=result&task_id=1468c0c0437c4a0b4f1b82842f7edbf3f&format=html
Has a file handle leak in \comctl32.dll, heap corruption by string destructor in MSVCR80.dll, error that comes with \Framework\v4.0.30319\mscoreei.dll,
Neosploit code in shell folders…
This sets it out as being a PUP: HKLM\Software\Classes\CLSID\{dd313e04-feff-11d1-8ecd-0000f87a470c}\InProcServer32
Oh and here is the Autonomous System mug report:
AS Name: CHINANET-BACKBONE No.31,Jin-rong Street
IPs allocated: 113033184
Blacklisted URLs: 12195
Next time establish the facts before posting, please.
Anyway the request did not return any content with a file viewer in the browser…so it must be blocked,
and yes, when you download it you get an Avast alert: download seems to be dangerous.
So we are being protected.
How to do a URL block with 12195 blacklisted URLs? Do you see the practicality of it? And in the case of a PUP a sandbox alert accompanied with a red traffic sign seems a much better option. Those that want the PUP and know what they are up against and want to install it intentionally will go on with the download and run it, others will undo the download and go on without the PUP.
After considering the whole procedure, don’t you think that is not a far better proposition? I think I know the answer,