[Emerging-Sigs] ET TROJAN HTTP Post with Double Accept header; sid 2008975

Jeff Kell jeff-kell at utc.edu
Fri Jan 9 09:44:51 EST 2009


Nathaniel Richmond wrote:
> FYI,
>
> With regard to this alert, in at least some instances it seems to be
> associated with DRM. I've seen it trigger because of double accept
> headers going to drm.cbtnuggets.com, get.zune.net and
> wmdrm.windowsmedia.com. The User-Agent has been Windows-Media-DRM of
> one version or another, e.g. "Windows-Media-DRM/11.0.5721.5145".

Ditto here.

Jeff


More information about the Emerging-sigs mailing list