[Emerging-Sigs] kazakaza.php trojan communications
wkitty42 at windstream.net
Fri Oct 1 16:04:37 EDT 2010
On 10/1/2010 15:43, John Dyson wrote:
> We just pick up the standard set of ET rules:
> url = http://www.emergingthreats.net/rules/emerging.rules.tar.gz
emerging-compromised.rules is in there... i'm pretty sure that 184.108.40.206 and
220.127.116.11 will be in listed in there shortly... the compromised and
compromised-BLOCK files are updated quite regularly...
> I ended up sending the entire capture thread to evil for him to take a
> look at, though it looks like it may not be needed.
yeah... someone'll get a quick rule out to catch this one so it can be kept an
eye on ;)
More information about the Emerging-sigs