[Emerging-Sigs] Mass File Injection Attack From Russia With Zlob
Joel Esler
joel.esler at sourcefire.com
Mon May 12 14:28:31 EDT 2008
You would be right.
On May 12, 2008, at 2:23 PM, James McQuaid wrote:
> Sounds good. ISC would probably note the availability of the Emerging
> Sig. Also, these people may have their hands in exploits other than
> this particular injection.
>
> Jim
>
> On Mon, May 12, 2008 at 12:15 PM, Matt Jonkman
> <jonkman at jonkmans.com> wrote:
>> Hmmm, interesting. Tempted to add a temporary sig for that string in
>> current_events. About 91k hits in google.
>>
>> Anyone have thoughts there? Maybe one sig for inbound to
>> http_servers, one
>> for back to clients?
>>
>> MAtt
>>
>>
>> James McQuaid wrote:
>>
>>> Some of the sites containing the xprmn4u.info injection also include
>>> "HaCKeD By BeLa & BodyguarD". If you do a corresponding Google
>>> search, you will see that they have been very busy.
>>>
>>>
>>
>> --
>> --------------------------------------------
>> Matthew Jonkman
>> Emerging Threats
>> Phone 765-429-0398
>> Fax 312-264-0205
>> http://www.emergingthreats.net
>> --------------------------------------------
>>
>> PGP: http://www.jonkmans.com/mattjonkman.asc
>>
>>
>>
>
>
>
> --
> James McQuaid
> http://www.jamesmcquaid.com
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
--
Joel Esler joel.esler at sourcefire.com
[m]
More information about the Emerging-sigs
mailing list