http://cdn.altitude

[summitit 0]

Hi All, 

 

Wondering if you can point me in the right direction.  I've seen a few of these alert in my environment and I've done a scan on the systems that have generated this alert.  They've all come up clean and I cannot find any additional info on this.  Is ESET aware of this alert?  What can I do to prevent this alert?

 

Thanks in advance!

[TomFace 539]

Can you give us a screen shot of the alert?

[Marcos 4,935]

Or better copy & paste the appropriate record from ESET's logs but make sure the link is not clickable.

[summitit 0]

I get an email notification:

 

11/2/2016 14:40:15 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX:  hxxp://cdn.altitude/ contains HTML/Refresh.BC trojan.

11/2/2016 14:40:32 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX:  hxxp://cdn.altitude/ contains HTML/Refresh.BC Trojan.

[itman 1,630]

I get an email notification:

 

11/2/2016 14:40:15 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX:  hxxp://cdn.altitude/ contains HTML/Refresh.BC trojan.

11/2/2016 14:40:32 PM - Module HTTP filter - Threat Alert triggered on computer XXXXXXXXX:  hxxp://cdn.altitude/ contains HTML/Refresh.BC Trojan.

Possibly e-mail based?

 

If your using an e-mail client, you should have hot linking disabled in the e-mail client.

[summitit 0]

This is the email notification I receive when an event is triggered on a client computer.

[Marcos 4,935]

I'd check DNS settings; make sure that DNS server is set to automatic or try using Google DNS 8.8.8.8 or 4.4.4.4. It's likely related to this: hxxp://www.dslreports.com/forum/r29394552-What-is-this-LEVEL3-.