[Emerging-Sigs] is this a hit or a false +ve? 2008548

Russell Fulton r.fulton at auckland.ac.nz
Thu Jan 22 21:03:38 EST 2009


ET MALWARE Systemdoctor.com/Antivir2008 related Fake Anti-Virus User- 
Agent (3P and version num)	2008548

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;  
SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; 3P_UVRM 1.0.11.1;  
Seekmo 10.0.431.0;

Yes, I know it has seekmo :)  but what I want to know if the 3P_UVRM  
1.0.11.1 is what the sig is really looking for?

Russell

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4125 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090123/109bcc3a/smime.bin


More information about the Emerging-sigs mailing list