[Emerging-Sigs] SEO Exploit Kit Sigs

Eoin Miller eoin.miller at trojanedbinaries.com
Fri Oct 1 12:47:32 EDT 2010


  On 10/1/2010 4:31 PM, waldo kitty wrote:
> On 10/1/2010 11:00, Eoin Miller wrote:
>>     As the SEO kit keeps changing quite frequently, here are new sigs to
>> see people hitting it and how they are being exploited:
> kinda makes ya wonder if they are reading this list or possibly using the ET
> rules and changing their fecal material specifically to get around the detection
> so they can keep on flying ;)
>
Just like how malware writers upload new malware to virustotal.com to 
ensure it doesn't trip and AV sigs prior to deploying it?

SEO code been rotating on the regular since I have started watching out 
for it. Exploits being used generally stay the same as do the 
malvertising code and the netblocks directing traffic into the kits.

-- Eoin


More information about the Emerging-sigs mailing list