Captain 0 Posted February 2

Yesterday, I wasn't able to send a mail attachment and subsequently received a failed mail delivery. When I checked for details this morning, I understand (from Listings - Reputation Checker - Spamhaus) my laptop is infected with an andromeda botnet, but nothing comes up when I scan with my ESET solution. What do I do?

Why was this IP listed?

A device using {my IP address} is infected with malware associated with the avalanche/andromeda family. {my IP address} initiated contact with andromeda command and control server, using contents unique to andromeda C&C command protocols.

Technical details of the andromeda detection

102.176.75.64 initiated a tcp connection from {my IP address} using source port 42172, to the sinkhole IP address {my IP address} on destination port 80. The most recent detection was on: January 23 2023, 15:45:01 UTC.

Information about the andromeda botnet

The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active.

etc.

Administrators Marcos 4,610 Posted February 2

Please send a test email as per instructions at https://www.mail-tester.com/ and drop me a message with a link to the score.