opti1 2 Posted June 5, 2023

What is ESET's position on this, which appears to be the source of a "fake ‘Windows Defender’ scare": "Along with a great deal of other information, VirusTotal maintains a separate detection webpage listing the vendors that do and do not perceive a threat in the Dothrakiz domain name shown in Figure 1." Do the latest signatures for ESET products still treat this domain as clean, or not perceive it as a threat? Thanks!
Solution itman 1,921 Posted June 5, 2023

I can't connect to the domain name in question, dothrakiz.com, in Firefox. As such, detection of it is a moot point.
opti1 2 Author Posted June 5, 2023

@itman Thanks for replying. It seems others who have tried to access or get information about that domain had the same experience after this particular domain was outed as a source of the malware. Presumably the owners killed it and moved to another domain. But there was a period of time when VirusTotal was able to find it and scan it with several dozen different anti-virus/anti-malware software packages, the vast majority of which treated it as 'Clean'. That's kind of scary . . .
Administrators Marcos 5,730 Posted June 5, 2023

The domain was classified as phishing by the majority of AVs that were blocking the domain. If it was actual phishing, ESET doesn't necessarily have to blacklist a domain; it can detect the HTML code as phishing. I've tried to find the previous content but could not find any except for a page saying "Future home of something quite cool", so it might have never been actually misused to scam visitors, or it was taken down very quickly so that hardly anybody could encounter the scam had it ever been there. Last but not least, it appears that the domain used to resolve to 34.98.99.30, which was blocked as phishing in 2021 by ESET too.