Hi all,
Where does ESET RA server download virus signature updates? Our server tries to connect to tsm02.eset.com domain (91.228.166.143, 91.228.166.11) over HTTP, but snort identifies these connection as a malware-cnc RAT update. We tried to investigate the cause of that problem, and found some suspicious things in the HTTP post data. There is possible bot update command: hxxp://fast.onoodor.com:443/update?id=ff64a2f9 in post data. Anyone know about this?
Regards,
Altangerel