[Emerging-Sigs] Fake AV sigs.

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Oct 6 10:06:46 EDT 2010


Usually there'll be one of the traditional CnC channels. In many cases at least.

If you're getting that many I'd disable. It's not a 100% sign of infection, just an attempt. You'll have other activity if someone really gets whacked.

Matt



On Oct 5, 2010, at 6:16 PM, Paul Halliday wrote:

> Are there any typical secondary rules that fire after a successful install? A phone home type thing? I get close to 100 of these each day and I am just looking for a more efficient way to quickly qualify them.
> 
> Thanks.
> 
> -- 
> Paul Halliday
> Ideation | Individualization | Learner | Achiever | Analytical
> http://www.pintumbler.org


----------------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
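
The triage described in this thread (a fake AV alert alone is only an attempt; a CnC alert from the same host afterwards is what signals an install) can be sketched as follows. This is an added example, not part of the original messages; the SIDs, alert messages, addresses, internal range and one-hour window are all assumptions.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed alerts in Snort "fast" format. SIDs, messages and addresses are
# made up for this example; substitute the rules you actually run.
SAMPLE = """\
10/05-09:01:10.000000  [**] [1:9000001:1] EXAMPLE FakeAV landing page [**] [Priority: 1] {TCP} 203.0.113.7:80 -> 10.1.1.20:49210
10/05-09:03:42.000000  [**] [1:9000002:1] EXAMPLE CnC checkin [**] [Priority: 1] {TCP} 10.1.1.20:49233 -> 198.51.100.4:80
10/05-10:15:00.000000  [**] [1:9000001:1] EXAMPLE FakeAV landing page [**] [Priority: 1] {TCP} 203.0.113.7:80 -> 10.1.1.31:50100
10/05-08:00:00.000000  [**] [1:9000002:1] EXAMPLE CnC checkin [**] [Priority: 1] {TCP} 10.1.1.44:50100 -> 198.51.100.4:80
10/05-11:30:00.000000  [**] [1:9000001:1] EXAMPLE FakeAV landing page [**] [Priority: 1] {TCP} 203.0.113.7:80 -> 10.1.1.44:50200
"""

INTERNAL = ip_network("10.0.0.0/8")  # assumption: monitored client range
WINDOW = timedelta(hours=1)          # assumption: how long to wait for a phone-home
FAKEAV_SIDS = {9000001}              # placeholder SIDs for fake AV rules
CNC_SIDS = {9000002}                 # placeholder SIDs for CnC rules

LINE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[\d+:(\d+):\d+\] "
                  r".*\{\w+\} (\S+?)(?::\d+)? -> (\S+?)(?::\d+)?$")

def parse(line):
    """Return (time, sid, internal_host) or None if the line is not an alert."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, sid, src, dst = m.groups()
    host = next((ip for ip in (src, dst) if ip_address(ip) in INTERNAL), None)
    # Fast alerts carry no year; 2010 is assumed so the timestamps can be compared.
    return datetime.strptime("2010/" + ts, "%Y/%m/%d-%H:%M:%S"), int(sid), host

def qualify(text):
    """Map each host with a fake AV alert to 'escalate' or 'attempt only'."""
    events = sorted(e for e in map(parse, text.splitlines()) if e and e[2])
    cnc = [(t, h) for t, sid, h in events if sid in CNC_SIDS]
    verdict = {}
    for t, sid, host in events:
        if sid not in FAKEAV_SIDS:
            continue
        # A CnC alert from the same host inside the window is the "other activity".
        followed = any(h == host and t <= c <= t + WINDOW for c, h in cnc)
        if followed or host not in verdict:
            verdict[host] = "escalate" if followed else "attempt only"
    return verdict

if __name__ == "__main__":
    for host, v in qualify(SAMPLE).items():
        print(host, v)
```

A CnC alert that precedes the fake AV alert, as for 10.1.1.44 in the sample, is not counted as a follow-up here and would need its own review.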


