
ArkiMage

join:2001-06-30
Kingsport, TN

OpenDNS botnet alerts

We recently started using OpenDNS (Enterprise subscription and about a hundred separate small "networks" pointed to them). We're seeing a number of sites being blocked as potential references to botnet command&control hosts. Two in particular I'm thinking could be false positives and am wondering if anyone else has experience with these hosts and specifically whether you found access to them to be legitimate or not.

img.apnanalytics.com
mmi.explabs.net

The first one I have no idea who they are or anything about them. The second one appears to be a company AVG acquired. There are some PCs at the sites hitting that domain which have AVG installed on them, thus my suspicion that those are legit accesses.

Anyway, just curious if anyone knew anything about either of these and/or OpenDNS's botnet detection/prevention that they might be willing to comment on.

Thanks.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ

Could be one of your users has fat fingers.


ArkiMage

join:2001-06-30
Kingsport, TN

Thanks, but it's probably more than that. We've had PCs at 7 different offices hit the img.apnanalytics.com host today and PCs at 4 different offices hit the mmi.explabs.net one. We've tracked down some of them and scoured them for malware, botnets, rootkits, etc. After finding nothing of the sort I figured I'd inquire here and see if other folks had noticed these addresses being accessed, for legit purposes, making OpenDNS's warnings false positives.

Thanks.


MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to ArkiMage

said by ArkiMage:

We recently started using OpenDNS (Enterprise subscription and about a hundred separate small "networks" pointed to them). We're seeing a number of sites being blocked as potential references to botnet command&control hosts. Two in particular I'm thinking could be false positives and am wondering if anyone else has experience with these hosts and specifically whether you found access to them to be legitimate or not.

img.apnanalytics.com
mmi.explabs.net

The first one I have no idea who they are or anything about them. The second one appears to be a company AVG acquired. There are some PCs at the sites hitting that domain which have AVG installed on them, thus my suspicion that those are legit accesses.

Anyway, just curious if anyone knew anything about either of these and/or OpenDNS's botnet detection/prevention that they might be willing to comment on.

Thanks.

apnanalytics.com is part of the "ASK" Partner Network (APN):


»apn.ask.com/products/
Snapped 2011-11-01 23:22:56


About The Ask Partner Network

The Ask Partner Network, APN, LLC (APN), an operating business of IAC (Nasdaq: IACI), is a leading provider of custom toolbar and search solutions to software and media companies. The company works closely with its partners to design and develop highly-targeted applications that extend services into the browser and enhance end-user experiences across the Web. APN provides tremendous value to its partners via new revenue streams, increased customer engagement and ongoing brand promotion. Its growing roster of clients consists of hundreds of leading businesses, including Fortune 500 companies, across a number of industries such as Internet security, online gaming, and news and entertainment.

More than likely some PCs have toolbars or BHOs installed, knowingly or unknowingly. While not botnet C&C, and thus a "false positive", the behavior of monitoring and pushing content to users mimics that criteria.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to ArkiMage

said by ArkiMage:

mmi.explabs.net

The first one I have no idea who they are or anything about them. The second one appears to be a company AVG acquired. There are some PCs at the sites hitting that domain which have AVG installed on them, thus my suspicion that those are legit accesses.

Thanks.

Correct ......

explabs.com
exploitpreventionlabs.com
exploitpreventionlabs.net
linkscanneronline.com
wormradar.com

are all hosted on the same IP

Why Grisoft / AVG continues to cloak all the above domains with Godaddy "Domains by Proxy, Inc." registrations, synonymous with nefarious behavior, is beyond clueless.

MGD

ArkiMage

join:2001-06-30
Kingsport, TN

Thanks!


© 1999-2012 dslreports.com.