Eset Virus Radar Online

Discussion in 'NOD32 version 2 Forum' started by Benvan45, May 16, 2005.

Thread Status:
Not open for further replies.
  1. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    My firewall keeps blocking ip: 82.208.27.26. I've looked up the ip and it seems to be a page named: Eset Virus Radar Online.

    Is this normal for Eset to keep on hitting me with this? Has anyone else noticed this and maybe someone can explain to me what this is?

    This is the info on that site:

    Basic information about the project

    The project "Virus radar on-line" serves for monitoring and statistic analysis of computer infiltrations spread via electronic mail.

    The project is made by antivirus company Eset spol. s r. o., which is the leader in the field of antivirus systems and is providing the NOD32 antivirus system for a complex antivirus protection for corporate and home users as well.

    The main project partner is Seznam.cz.


    I use Nod32 2.50.16.

    Thanks for the info in advance.

    Greetings,

    Putin
     
  2. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    It could have a link to the new function in NOD32 2.5, that sends statistical info about NOD running on your computer.

    Take a look at: NOD32 control center -> NOD32 system setup -> setup -> ThreatSense.NET -> Advanced settings -> statistics.
     
  3. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    The ThreatSense section (if enabled), submits information to Eset and I cannot find any information there about any incoming information.

    Putin
     
    Last edited: May 16, 2005
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The aforementioned VirusRadar has absolutely nothing to do with the ThreatSense.Net Early Warning System. VirusRadar only monitors incoming emails at a Czech ISP.
    Note that upon opening Eset's website, a figure with the actual results is downloaded from virusradar's website.
     
  5. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Marcos, I stand corrected... :D
     
  6. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    But can you explain to me why and how my firewall detects this......o_O What is this Radar doing at my computer?

    ;) Putin
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Actually, if you could provide more details from your firewall log, it'd help a lot. Just saying the IP address that was blocked doesn't help much. Was it inbound attempts from that address, or was it outbound connections from your PC to the Eset site? Also, what program was making the connection, one of the NOD32 modules or your browser? Ports used, would help, too.

    Now what Marcos was saying is that the image with the virus radar info display on the main Eset home page comes from the server at the IP you mentioned. When I go to the nod32 home page, I also see my browser connecting out to www.virus-radar.com to pull the image down. So it is my browser touching that IP address to complete the page, nothing more.
     
  8. Happy Bytes

    Happy Bytes Guest

    Almost a six pack beer... ALMOST ;)
     
  9. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I have been trying to get the log copied, but it won't work!!!
    The attempts were inbound, protocol was TCP and there was no application logged. Port was: 1289. Remote port: 80.
    All I know, I was not visiting the Nod homepage at the moment of blocking.
     
    Last edited: May 16, 2005
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Remote port being 80/tcp definitely means it was webserver related traffic. It could have been delayed responses from a previous connection that were finally completing, but it's hard to say without more information.
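
The check described in the post above, sketched as an added example that is not part of the original thread: it correlates blocked inbound TCP entries with earlier outbound connections on the same local port and remote IP:port. The log layout, the 300-second window, the verdict names, `browser.exe` and the `203.0.113.9` entry are assumptions; the 82.208.27.26:80 and local port 1289 values are the ones reported in the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    ts: float         # seconds since the log started
    direction: str    # "out" or "in"
    action: str       # "allow" or "block"
    local_port: int
    remote_ip: str
    remote_port: int
    app: str = ""     # empty when the firewall logged no application

def classify_blocked_inbound(log, window=300.0):
    """Return (entry, verdict, app) for every blocked inbound entry."""
    last_out = {}  # (local_port, remote_ip, remote_port) -> (ts, app)
    results = []
    for e in sorted(log, key=lambda x: x.ts):
        key = (e.local_port, e.remote_ip, e.remote_port)
        if e.direction == "out" and e.action == "allow":
            last_out[key] = (e.ts, e.app)
        elif e.direction == "in" and e.action == "block":
            prev = last_out.get(key)
            if prev is not None and e.ts - prev[0] <= window:
                # Same ports and remote host as a connection this PC opened recently
                results.append((e, "late-reply", prev[1]))
            elif e.remote_port < 1024 and e.local_port > 1024:
                # Shaped like a server answering a client port, but the log
                # holds no recent outbound connection: needs more information
                results.append((e, "reply-shaped-unmatched", ""))
            else:
                # Aimed at a local service port, not a reply to anything
                results.append((e, "unsolicited", ""))
    return results

# Constructed sample log (not taken from the poster's firewall)
SAMPLE_LOG = [
    Entry(0.0, "out", "allow", 1289, "82.208.27.26", 80, "browser.exe"),
    Entry(95.0, "in", "block", 1289, "82.208.27.26", 80),
    Entry(4000.0, "in", "block", 1289, "82.208.27.26", 80),
    Entry(4100.0, "in", "block", 445, "203.0.113.9", 40123),
]

def verdicts(log=SAMPLE_LOG):
    return [(e.ts, v, app) for e, v, app in classify_blocked_inbound(log)]

if __name__ == "__main__":
    for ts, verdict, app in verdicts():
        print(f"t={ts:>6.0f}s  {verdict:<24} {app or '-'}")
```

A "late-reply" verdict also recovers the application name that the blocked entry itself lacked, which is the detail the log in this thread was missing.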
     
  11. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks for the info, but as I understand, it is not really something to worry about? I just thought it to be a bit weird, to get this kind of alerts from Nod, that's all.

    ;) Putin
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    It could just be spoofed traffic.
    Separately to that, I'd be interested to hear what firewall it is that you're using - just for interest's sake.
     
  13. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I'm using PrivateFirewall4.0 from Privacyware. http://www.privacyware.com/

    ;) Putin
     
  14. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  15. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Also allow me please this electronic translation..and the last thing you want to do is stop any process this new NOD is doing to help you protect your PC and Systems.
    ;)
    **********************

    Subject: VSantivirus no. 1740 Year 9, Tuesday 12 of April of 2005
    Date: Tuesday, 12 of April, 2005 09:33:44 (-0300)
    Author: VSAntivirus.com <vsantivirus @...........com>



    VSantivirus no. 1740 Year 9, Tuesday 12 of April of 2005
    _____________________________________________________________
    the daily bulletin of VSANTIVIRUS - http://www.vsantivirus.com
    VIDEO SOFT (Maldonado, Uruguay) - http://www.videosoft.net.uy
    _____________________________________________________________
    1 - Win32/Mytob does not deceive Virus-Radar
    2 - W32/Mytob.AL. One propagates by email, it uses LSASS
    3 - W32/Mytob.AK. One propagates by email, it uses LSASS
    4 - W32/Mytob.AJ. One propagates by email, it uses LSASS
    5 - W32/Mytob.AI. One propagates by email, it uses LSASS
    6 - W32/Mytob.AH. One propagates by email, it uses LSASS
    7 - W32/Mytob.AG. One propagates by email, it uses LSASS
    8 - W32/Mytob.AF. One propagates by email, it uses LSASS
    9 - W32/Mytob.AE. One propagates by email, it uses LSASS
    10 - W32/Mytob. Generic description (versions H to A)
    _____________________________________________________________
    1 - Win32/Mytob does not deceive Virus-Radar
    _____________________________________________________________

    http://www.vsantivirus.com/12-04-05.htm

    Win32/Mytob does not deceive Virus-Radar
    By VSAntivirus



    The beauty of a proactive system like the one of Virus-Radar (www.virusradar.com), is that it can discover new virus, from the first time that they are seen. Using the heuristic outpost of the awarded antivirus NOD32, Virus Radar is designed for "listening to the messages" that can warn to us when a new virus scatters itself (and of course, of that form it helps to prevent them). The recent and progressive capture of the family of Mytob worms, (at the moment almost 40 variants), is a great example of the effectiveness of the heuristic one of NOD32.

    Some of these variants, that very few systems antivirus detect without being updated, began to propagate of very fast form, and in the case of the Mytob.D, had a significant propagation (to see image: http://www.vsantivirus.com/12-04-05.htm).

    The worms of the Mytob family is a typical case of malwares created by imitators (calls "Copy-cats"), to a large extent based on the source code of the Mydoom, a very predominant virus during the 2004. Hardly something is modified to them and small differences are added to them, but its high frequency of appearance, combined with slight variations of its code, is sufficient to deceive many detectors.

    Releasing a great amount of versions in fast succession, which only allows that each one propagates by a short space of time, the detection based on companies (data bases), little gets to be effective. When a company antivirus has released a new company/signature, the next variant is already being scattered. That way the fact that already a detection available for a previous variant exists, is not important for the author.

    This can seem a strange strategy, but it is an increasing tendency in the criminal operation of malicious software, specially used to create true networks of zombie machines that can be used for the Spam shipment. This type of worm of short life, if it is successful can jeopardize to many systems of very fast form, scattering itself at very high speed. The infected machines can be used (although single it is by few hours), for infamous intentions, and then the cycle will be repeated with a new variant.

    A similar technique was recently used, when multiple versions of the family of the Bagle (that did not have any code to propagate by itself) were sent like Spam, in fast succession. Again the effectiveness of the companies of the antivirus was almost null. When the Trojans could be detected, the Spam was executed again, and the next variant was released.

    This tendency only emphasizes the necessity of truly proactive technologies, such as the Heuristic Outpost of NOD32. The time window to obtain a protection is very small, and the very high vulnerability. And of the increasing action of criminals who write and propagate his quickly malwares, this situation every time takes control worse for those who authentic proactive technologies do not use.

    Video Soft, creative company of the VSAntivirus site, represents in Uruguay antivirus NOD32 (registered tradename of ESET). More information: http://www.nod32.com.uy/


    Source:
    http://www.pcmag-mideast.com


    * Related: Current Threats - Last 24 Hour Analysis

    http://www.virusradar.com/stat_01_current/index_all_enu.html

    you can read the rest here in Spanish

    http://listas.vsantivirus.com/lista/vsantivirus/archivo/indice/781/msg/790/
     
    Last edited: May 19, 2005
  16. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Great story, but I can't do anything with this at all. All I asked in this topic, is about an ip that keeps on blocking that Virus Radar section from Nod. I just wanted to know if this is a normal action......that's all.
    This firewall showed these inbound attempts and I'm just curious. I've not seen these attempts with other firewalls, so maybe this firewall shows too much or the others show too little. I'm not an expert in these matters and just wanted to know.

    Thanks for the information.

    ;) Putin
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Why do you state here: " I thought so...." o_Oo_O is this a specific matter of this firewall? I use the full version and configured nothing, except for a few programs I allowed permanently.
    I also have been trying to copy the logs, but couldn't get this done.!!!!

    ;) Putin
     
  18. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    I think you're heading down the right track, but actually, on the Eset home page is an IFRAME - this IFRAME calls in an HTML document from virus radar, which then contains the call to the image for the virus-radar realtime graph displayed on the eset home page.

    The HTML document on the virus-radar site obviously calls some side of server side include, which generates the image in real-time, from the stats currently available on the virus-radar database.

    regards

    Greg
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    They have two different full versions of 4.0 which one do you have ?

    http://www.privacyware.com/products.html

    And I placed the links above for the tutorial on the firewall..wondering if you have ever set it up ?
     
  20. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Also then to help you..this is the link to the manual and guide

    http://privacyware.com/PF_UserGuide/

    on the left side of the page click on the + sign next to the words Privatefirewall Main Features

    You will then see something called Firewall LOG in the tree.

    Click on that ..then in the right side of the screen..it will tell you all you need to know about LOGS for that firewall :)
     
  21. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I have the firewall without the Spyware program. I also read the tutorial......but I find it all difficult! I configured the firewall through the wizard and accepted the rules as they were made and I presume that's ok for a newby.
    I'm also behind a router, so I'm quite secure, I think.

    Thanks again for all the information.

    Greetings,

    ;) Putin
     
  22. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Yup i think you are doing just great with that firewall..and now you know in the future that this thread has additional links for you to find out more about your firewall when you want to begin to configure it for your special needs.

    The more you use it..the better you will understand what it is doing.. :)
     