Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unidentified Taplica Infection


  • Please log in to reply
1 reply to this topic

#1 michaelmeis

michaelmeis

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 13 October 2015 - 11:42 PM

Hey guys, new member to this site and looking for some help. I am working in a large scale enterprise environment and am coming across some Taplika class traffic that I am unable to identify. In the URI I am getting the typical Taplika class signature but with a bundle ID that I cannot find anything on.

 

...&a=wny_ggbg_15_29&...

 

I have pulled the SSL logs and the DNS logs and don't see anything out of the ordinary or anything that looks malicious. Has anyone encountered this traffic within their network and were they able to determine what type of Taplika infection they had?

 


Edited by michaelmeis, 13 October 2015 - 11:51 PM.


BC AdBot (Login to Remove)

 


#2 michaelmeis

michaelmeis
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 21 October 2015 - 06:53 PM

For anyone who is interested, I figured it out. It's a browser hijacker WinYahoo that modifies Google Chrome settings and is very difficult to detect.

 

https://blog.malwarebytes.org/intelligence/2015/05/winyahoo-pup-modifies-chrome-secure-preferences/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users