I got a very unusual alert from my antivirus program on an intrusion from what appears to be the Clam AntiVirus program.
Can anyone tell me how this is happening and what I can do to
Code:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2/11/2016 7:41:28 PM,High,An intrusion attempt by www.ATTACKINGDOMAINNAME.com was blocked.,Blocked,No Action Required,Fake App Attack: Fake Scan Webpage 4,No Action Required,No Action Required,"ATTACKINGDOMAINNAME (SERVERIP, 2082)",WEBSITEDOMAIN.EXT:2082/cpsess499112525/frontend/paper_lantern/clamavconnector/live_go.html?scan=pubhtml,"SCATMAN-DESKTOP (10.0.0.252, 53753)",www.ATTACKINGDOMAINNAME.com (198.1.81.235),"TCP, Port 2082"
Network traffic from WEBSITEDOMAIN.EXT:2082/cpsess499112525/frontend/paper_lantern/clamavconnector/live_go.html?scan=pubhtml</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE.
Last edited by a moderator: