[Emerging-Sigs] Mass File Injection Attack From Russia With Zlob
Matt Jonkman
jonkman at jonkmans.com
Mon May 12 12:15:35 EDT 2008
Hmmm, interesting. Tempted to add a temporary sig for that string in
current_events. About 91k hits in google.
Anyone have thoughts there? Maybe one sig for inbound to http_servers,
one for back to clients?
MAtt
James McQuaid wrote:
> Some of the sites containing the xprmn4u.info injection also include
> "HaCKeD By BeLa & BodyguarD". If you do a corresponding Google
> search, you will see that they have been very busy.
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Emerging-sigs
mailing list