[Emerging-Sigs] kazakaza.php trojan communications

evilghost@packetmail.net evilghost at packetmail.net
Wed Oct 6 13:58:34 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/06/2010 12:53 PM, waldo kitty wrote:
> it repeatedly reaches
>> out to www.google.com/webhp before it ever tries to pull down the binary
>> files from the CnC's

This is ZeuS doing the "can I see the Internet" dance before it starts
hitting the config servers listed.

- -evilghost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJMrLjKAAoJENgimYXu6xOHsdkP/0tAYyjkFL6mhbGzmsjbO81W
mkIpAeT/SA91K+Qlj4vItReC1i1TyZw43KPJ33Q1Hogb8TPCJZ23P2Lmm4XXcGMZ
PKEk0jqeSkAhkhdAr9efVp/cFvTV6Pbmvyltbg20cNqAejbdW6vBTd8pNGggzK8/
2YFLEYVR/e/U9Di579jHtaSRYFDgEgDVyG8MXRzJwUsFj3+aLUL6y8mkU2My1gpq
QobN0BU4D50CTZEY4V+bAFNoZ0uY9orgzLoO8EupSEzVgjuWvNU/eBYwIsjA3EgI
de5cF0D/OFggDvLBsFaifEXDF0ID2WW19MJlpmvVO86J5lV4/YasUPCpO3ZCY91m
rKI2fT3PodiprE1PWqPqzNSfJLC8W5zQN1Ou5GKPxcoTBRKH0omh34RDsiBR1ld2
qT8NdV0iUj/BHptVXNH3ZxMKzxpupIwgahlNug8nlXWQL7w17ZSILb17CD6mTdaa
gM8CtwNVvOohBSempD9fBrIHjVvKTaUiW1HOWKBAm6XTwdqa84UvfT9G4KTmpIKn
Ix9csBYqrnQRANro+9VU/SKytEACtGWGAn0t5RM1jFbRIIMDu7vTHF0tSQKhp+3r
wxgFlltlzzAVGkx0T7br6zea04+/1LkUBzmI2fvkZMgGeRWDSfKeZmV4pNs3SPPC
qBYDUsq6JWUiA1uDjCI9
=wHJn
-----END PGP SIGNATURE-----


More information about the Emerging-sigs mailing list