[Emerging-Sigs] Mass File Injection Attack From Russia With Zlob
James McQuaid
jim.mcquaid at gmail.com
Mon May 12 14:23:55 EDT 2008
Sounds good. ISC would probably note the availability of the Emerging
Sig. Also, these people may have their hands in exploits other than
this particular injection.
Jim
On Mon, May 12, 2008 at 12:15 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:
> Hmmm, interesting. Tempted to add a temporary sig for that string in
> current_events. About 91k hits in Google.
>
> Anyone have thoughts there? Maybe one sig for inbound to http_servers, one
> for back to clients?
>
> Matt
>
>
> James McQuaid wrote:
>
> > Some of the sites containing the xprmn4u.info injection also include
> > "HaCKeD By BeLa & BodyguarD". If you do a corresponding Google
> > search, you will see that they have been very busy.
> >
> >
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>
--
James McQuaid
http://www.jamesmcquaid.com
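
The two-direction approach suggested in the thread (one sig inbound to http_servers, one back to clients), sketched as an added example. These rules are not from the thread or from the Emerging Threats ruleset. They assume "that string" means the defacement banner quoted above, and the msg text, classtypes and local-range sids are placeholders.

```snort
# Added example, not an Emerging Threats signature.
# Assumption: the string of interest is the defacement banner quoted in the thread.
# sids are placeholders from the local range (>= 1000000).

# 1) Banner sent toward a protected web server (for example, in an
#    injected POST body or upload).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL CURRENT_EVENTS defacement banner inbound to web server"; flow:established,to_server; content:"HaCKeD By BeLa"; nocase; content:"BodyguarD"; nocase; distance:0; within:20; classtype:web-application-attack; sid:1000001; rev:1;)

# 2) Banner in a page returned to an internal client, meaning the
#    client is browsing a site that has already been defaced.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL CURRENT_EVENTS defacement banner in page served to client"; flow:established,from_server; content:"HaCKeD By BeLa"; nocase; content:"BodyguarD"; nocase; distance:0; within:20; classtype:bad-unknown; sid:1000002; rev:1;)
```

The banner is split into two content matches so that the rules fire whether the "&" arrives raw or HTML-encoded as "&amp;". Responses that are gzip-compressed on the wire will not match a plain content rule.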