[Emerging-Sigs] kazakaza.php trojan communications

waldo kitty wkitty42 at windstream.net
Fri Oct 1 16:04:37 EDT 2010


On 10/1/2010 15:43, John Dyson wrote:
> We just pick up the standard set of ET rules:
> url = http://www.emergingthreats.net/rules/emerging.rules.tar.gz

emerging-compromised.rules is in there... i'm pretty sure that 193.41.38.122 and 
193.41.38.121 will be in listed in there shortly... the compromised and 
compromised-BLOCK files are updated quite regularly...

> I ended up sending the entire capture thread to evil for him to take a
> look at, though it looks like it may not be needed.

yeah... someone'll get a quick rule out to catch this one so it can be kept an 
eye on ;)



More information about the Emerging-sigs mailing list