Captain 0 Posted February 2, 2023

Yesterday, I wasn't able to send a mail attachment and subsequently received a failed mail delivery. When I checked for details this morning, I understand (from Listings - Reputation Checker - Spamhaus) my laptop is infected with an andromeda botnet, but nothing comes up when I scan with my ESET solution. What do I do?

Why was this IP listed?

A device using {my IP address} is infected with malware associated with the avalanche/andromeda family. {my IP address} initiated contact with andromeda command and control server, using contents unique to andromeda C&C command protocols.

Technical details of the andromeda detection

102.176.75.64 initiated a tcp connection from {my IP address} using source port 42172, to the sinkhole IP address {my IP address} on destination port 80.

The most recent detection was on: January 23 2023, 15:45:01 UTC.

Information about the andromeda botnet

The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active.

etc
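The Spamhaus report quoted above says only that "a device using" the public IP made the connection, so on a network behind NAT the first step is to find which internal host it was. As an added example (not part of the thread), this Python script matches the reported source port, destination port and detection time against a router's NAT log; the log format, all addresses in the sample and the name `find_internal_hosts` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Values taken from the Spamhaus report quoted in the post.
REPORTED_TIME = datetime(2023, 1, 23, 15, 45, 1, tzinfo=timezone.utc)
REPORTED_SPORT = 42172   # source port as seen by the sinkhole (post-NAT)
REPORTED_DPORT = 80

# Constructed sample log: the line format and every address are assumptions.
SAMPLE_LOG = """\
2023-01-23T15:44:12Z tcp src=192.168.1.10 sport=50211 dst=198.51.100.7 dport=443 nat_sport=40110
2023-01-23T15:44:59Z tcp src=192.168.1.23 sport=49877 dst=203.0.113.80 dport=80 nat_sport=42172
2023-01-23T15:45:03Z tcp src=192.168.1.10 sport=50230 dst=198.51.100.9 dport=80 nat_sport=42180
2023-01-23T19:02:41Z tcp src=192.168.1.31 sport=51002 dst=198.51.100.7 dport=80 nat_sport=42172
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) tcp src=(?P<src>\S+) sport=(?P<sport>\d+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) nat_sport=(?P<nat_sport>\d+)$"
)

def find_internal_hosts(log_text, when=REPORTED_TIME, nat_sport=REPORTED_SPORT,
                        dport=REPORTED_DPORT, window=timedelta(minutes=2)):
    """Return (internal_ip, destination_ip, timestamp) for each NAT entry that
    matches the reported public source port and destination port near `when`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # Source ports are reused over time, so the time window matters as
        # much as the port: the 19:02 entry shares the port but is unrelated.
        if (int(m["nat_sport"]) == nat_sport and int(m["dport"]) == dport
                and abs(ts - when) <= window):
            hits.append((m["src"], m["dst"], ts))
    return hits

if __name__ == "__main__":
    for src, dst, ts in find_internal_hosts(SAMPLE_LOG):
        print(f"{ts.isoformat()} internal host {src} -> {dst}:{REPORTED_DPORT}")
```

A match points at the device to scan and inspect; no match usually means the log does not reach back to the detection time or the connection came from a device that has since left the network.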
Administrators Marcos 5,392 Posted February 2, 2023

Please send a test email as per instructions at https://www.mail-tester.com/ and drop me a message with a link to the score.