[Emerging-Sigs] Interesting Dropper c&c
Matt Jonkman
jonkman at jonkmans.com
Wed Mar 5 13:01:14 EST 2008
http://doc.emergingthreats.net/bin/view/Main/TrojanDropper497
Interesting one. Has an html-like tag language to push stats and info
about the system, and a keep alive status stream.
Haven't totally reversed it, but signatures are up that'll be reliable.
Calling it Yumato since it uses that name in it's server status
messages. Clam calls is Dropper-497.
Matt
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Emerging-sigs
mailing list