[Emerging-Sigs] blink.com

James McQuaid jim.mcquaid at gmail.com
Mon Jan 12 06:56:25 EST 2009

In the past, blink.com was responsible for desktop pop up ads, and an
Internet Explorer toolbar that delivered ads.


> From: Russell Fulton <r.fulton at auckland.ac.nz>
> Subject: [Emerging-Sigs] ET TROJAN Blink.com related Backdoor Checkin
> To: Emerging Threats Signatures <emerging-sigs at emergingthreats.net>
> Message-ID: <D9FE37F4-B9AE-4E2C-A57C-E812F8B76799 at auckland.ac.nz>
> Content-Type: text/plain; charset="us-ascii"
> I have a few machines triggering this rule and I am trying to find out
> just what sort of threat this is.  It would seem that Blink.com is
> some sort of "enhanced web search" facility but I can't find any thing
> that indicates that there are any threats related to it.
> No references in the sig either...
> Here is what I'm seeing:
> GET /?vn=65562&partner=seekeen&ptag=SeeFreez&cid=55788f374f1
> 84260b143cd7cd7135f00&initial_install=1&b=Seekeen&se=1&au=1&
> am=0&pver=1&retries=0 HTTP/1.0..User-Agent: Mozilla/4.0 (com
> patible; MSIE 7.0; Windows NT 6.0)..Host: upgrade.seekeen.co
> m..Pragma: no-cache....
> Russell

James McQuaid

More information about the Emerging-sigs mailing list