AV Tracker

Posted by Junaid August 3, 2010

Ever set up a multi/handler and had an odd IP hit it? Probably dismissed it as internet chatter? Think again, you might have just been caught.

AV Tracker – ( http://avtracker.info/ ) is a site that tracks the different IP addresses, hostnames, computer names and user agents that AV and other “Submit-your-malware-here” drop boxes use.
Peter Kleissner and his team provide:

  • ranges that the hosts use
  • a dynamic text file with the IP addresses listed if you want to add it to some auto updating block list
  • a line by line IPTABLES block config
  • and even C code to add into your binary to make sure it doesn’t talk out from one of those addresses (I could be reading it wrong, still a beginner in C)

The team has been criticized a lot by AV vendors, enough so that they took down the site in January of this year. But it came back June 5th.
