[Emerging-Sigs] ET TROJAN Blink.com related Backdoor Checkin

Russell Fulton r.fulton at auckland.ac.nz
Sun Jan 11 21:50:31 EST 2009


I have a few machines triggering this rule and I am trying to find out
just what sort of threat this is.  It would seem that Blink.com is
some sort of "enhanced web search" facility but I can't find anything
that indicates that there are any threats related to it.

No references in the sig either...

Here is what I'm seeing:

GET /?vn=65562&partner=seekeen&ptag=SeeFreez&cid=55788f374f1
84260b143cd7cd7135f00&initial_install=1&b=Seekeen&se=1&au=1&
am=0&pver=1&retries=0 HTTP/1.0..User-Agent: Mozilla/4.0 (com
patible; MSIE 7.0; Windows NT 6.0)..Host: upgrade.seekeen.co
m..Pragma: no-cache....


Russell
