[Emerging-Sigs] New UAS seen in Zlob

dxp dxp2532 at gmail.com
Thu Jan 15 23:34:21 EST 2009

UAS "securityinternet" isn't in the current ruleset.

Data on the sample:

        Connects to on tcp/80.
        GET /image/qsdyuioff/pubenmgfuy/ifgmzdjl.php?param=0;1312;1801
        User-Agent: securityinternet

Also, the IP should be added to the RBN list.

-=[ dxp ]=-

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090115/c233d16a/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090115/c233d16a/attachment.bin

More information about the Emerging-sigs mailing list