[Emerging-Sigs] New UAS seen in Zlob

dxp dxp2532 at gmail.com
Thu Jan 15 23:34:21 EST 2009


UAS "securityinternet" isn't in the current ruleset.

Data on the sample:


        http://www.virustotal.com/analisis/67376ebda71496562f026d6ade7e876d
        Connects to 92.241.163.63 on tcp/80.
        
        GET /image/qsdyuioff/pubenmgfuy/ifgmzdjl.php?param=0;1312;1801 HTTP/1.1
        User-Agent: securityinternet
        

Also, the IP should be added to the RBN list.
-  

-=[ dxp ]=-
0xA3F3C6E3
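
A sketch of the check this report asks for, as an added example that is not part of the original post or of the Emerging Threats ruleset: it flags a request only when the whole User-Agent value is on the list, so the string appearing elsewhere in a request does not trigger it. The function names, the case-insensitive comparison, and the second and third sample requests are assumptions made for illustration.

```python
"""Flag HTTP requests whose entire User-Agent value is a known-bad string."""
from typing import NamedTuple, Optional

# User-Agent string reported in the post above; compared case-insensitively (assumption).
BAD_USER_AGENTS = {"securityinternet"}

class Hit(NamedTuple):
    user_agent: str
    method: str
    target: str

def parse_request(raw: bytes):
    """Return (method, target, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP/1.x request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive; keep the first value seen
            headers.setdefault(name.strip().lower(), value.strip())
    return parts[0], parts[1], headers

def check_request(raw: bytes) -> Optional[Hit]:
    """Return a Hit when the whole User-Agent value is on the list, else None."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError:
        return None  # not parseable as HTTP, nothing to match
    ua = headers.get("user-agent", "")
    if ua.lower() in BAD_USER_AGENTS:
        return Hit(ua, method, target)
    return None

# Constructed samples: the first reuses the request line and User-Agent from the
# post; the other two are invented to show a non-match and a case/spacing variant.
SAMPLES = [
    b"GET /image/qsdyuioff/pubenmgfuy/ifgmzdjl.php?param=0;1312;1801 HTTP/1.1\r\n"
    b"User-Agent: securityinternet\r\n\r\n",
    b"GET /search?q=securityinternet HTTP/1.1\r\n"
    b"user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n\r\n",
    b"GET /x HTTP/1.1\r\nUSER-AGENT:   SecurityInternet \r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_request(raw))
```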

