[Emerging-Sigs] SEO Exploit Kit Sigs
eoin.miller at trojanedbinaries.com
Fri Oct 1 12:47:32 EDT 2010
On 10/1/2010 4:31 PM, waldo kitty wrote:
> On 10/1/2010 11:00, Eoin Miller wrote:
>> As the SEO kit keeps changing quite frequently, here are new sigs to
>> see people hitting it and how they are being exploited:
> kinda makes ya wonder if they are reading this list or possibly using the ET
> rules and changing their fecal material specifically to get around the detection
> so they can keep on flying ;)
Just like how malware writers upload new malware to virustotal.com to
ensure it doesn't trip and AV sigs prior to deploying it?
SEO code been rotating on the regular since I have started watching out
for it. Exploits being used generally stay the same as do the
malvertising code and the netblocks directing traffic into the kits.
More information about the Emerging-sigs