undefined | Better HN

0 pointsboomboomsubban8y ago0 comments

So an installer was trying to set up autoruns, and the outbound connection IP's were on some list? The first part seems like expected behavior, the second sounds like your list of bad IP's included several that one of the most popular VPN providers use.

0 comments

sr28y ago

This was before the client even connected for the first time. And the IPs were well known C&C servers used for collecting keystrokes and screenshots of your O.S

boomboomsubbanOP8y ago

Checking if their various servers exist on install seems likely. And well known C&C servers probably hide their actual IP, they'd be fairly easy to shut down if they didn't.

j / k navigate · click thread line to collapse

0 pointsboomboomsubban8y ago0 comments

0 comments

sr28y ago

This was before the client even connected for the first time. And the IPs were well known C&C servers used for collecting keystrokes and screenshots of your O.S

boomboomsubbanOP8y ago

Checking if their various servers exist on install seems likely. And well known C&C servers probably hide their actual IP, they'd be fairly easy to shut down if they didn't.

j / k navigate · click thread line to collapse