[Emerging-Sigs] Fake AV sigs.

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Oct 6 10:06:46 EDT 2010

Usually there'll be one of the traditional CnC channels. In many cases at least. 

If you're getting that many, I'd disable; it's not a 100% sign of infection, just an attempt. You'll have other activity if someone really gets whacked.


On Oct 5, 2010, at 6:16 PM, Paul Halliday wrote:

> Are there any typical secondary rules that fire after a successful install? A phone-home type thing? I get close to 100 of these each day and I am just looking for a more efficient way to quickly qualify them.
> Thanks.
> -- 
> Paul Halliday
> Ideation | Individualization | Learner | Achiever | Analytical
> http://www.pintumbler.org

Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
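
The triage approach from this exchange, as an added example that is not part of the original messages: it flags only hosts where a CnC-style alert follows a Fake AV attempt alert within a time window. The alert records, signature strings, marker keywords and the 30-minute window are all constructed assumptions; adapt them to your own ruleset and alert export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed keyword lists; tune them to the signature names in your own ruleset.
ATTEMPT_MARKERS = ("fake av",)
FOLLOWUP_MARKERS = ("cnc", "checkin")

# Constructed sample alerts: (timestamp, internal host, signature message).
SAMPLE_ALERTS = [
    ("2010-10-05 09:00:12", "10.0.0.21", "Fake AV landing page (constructed)"),
    ("2010-10-05 09:03:40", "10.0.0.21", "Trojan CnC checkin (constructed)"),
    ("2010-10-05 11:15:02", "10.0.0.34", "Fake AV landing page (constructed)"),
    ("2010-10-05 11:20:00", "10.0.0.34", "Policy: toolbar user-agent (constructed)"),
    ("2010-10-05 13:00:00", "10.0.0.55", "Trojan CnC checkin (constructed)"),
    ("2010-10-05 15:30:00", "10.0.0.55", "Fake AV landing page (constructed)"),
    ("2010-10-05 17:00:00", "10.0.0.21", "Fake AV landing page (constructed)"),
]

def _matches(msg, markers):
    low = msg.lower()
    return any(m in low for m in markers)

def triage(alerts, window=timedelta(minutes=30)):
    """Split hosts with Fake AV attempts into 'investigate' and 'attempt_only'.

    A host is 'investigate' when a follow-up (CnC style) alert fires for it
    within `window` AFTER one of its attempt alerts; earlier alerts don't count.
    """
    attempts, followups = defaultdict(list), defaultdict(list)
    for ts, host, msg in alerts:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if _matches(msg, ATTEMPT_MARKERS):
            attempts[host].append(when)
        elif _matches(msg, FOLLOWUP_MARKERS):
            followups[host].append((when, msg))
    result = {"investigate": {}, "attempt_only": []}
    for host, times in sorted(attempts.items()):
        # Keep each follow-up once, even if it falls in several attempt windows.
        hits = sorted({(when, msg) for when, msg in followups[host]
                       for t in times if timedelta(0) <= when - t <= window})
        if hits:
            result["investigate"][host] = [msg for _, msg in hits]
        else:
            result["attempt_only"].append(host)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS))
```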

