[Emerging-Sigs] kazakaza.php trojan communications

Joel Esler jesler at sourcefire.com
Wed Oct 13 09:56:26 EDT 2010


No. I'm trying to help you reduce false positives.  


Sent from my iPhone

On Oct 13, 2010, at 9:53 AM, "evilghost at packetmail.net" <evilghost at packetmail.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 10/13/2010 08:46 AM, Joel Esler wrote:
>> Do you have sigs that watch the .bin?  or .db?  That would seem to be more reliable.
> 
> Please read the full thread concerning this discussion, you're bringing
> us full-round in a circle, and de-railing efforts.
> 
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iQIcBAEBAgAGBQJMtbnCAAoJENgimYXu6xOHpgEP/jJlQi3zCq72tTdNF8tRsRgN
> q7LMHCC23DPlzY8mG5NB7UlwQoc1DrViwzGsFSWC1MhS+m1KDz3/AX3Pz6ieel0h
> r1l1BSTY5s4RX903pPlRuw3E9TL0ADR4FopFpjaciU7fMuwuj0KGsvvgQbiurQmH
> ilnaWIpQ27UjdR2nXydGJPcAI2ON8wAjTI29vZbUsRvZ+loqCf7bcMmmE896rgYQ
> 0Tm2daTQg1UHcEBF92qwKHPSxbfNixYF1FNbC2lCFq/rem5cp36TTvazi63o6MdY
> qa70moW0D5RkFio6Oth10u/YyHVnEh5HeTSDryI9T3XHLZyi0MntbrydXDW7ArSK
> iMWyn6JhWfx2VqUWadE/Tp4ApQoL55H7+4rVsByijFl4XikogTKqUWcof21ebuqf
> mcU/sZLPj1ikZRYxu28E2T/LQFh2C9BbHGaXwDJlgWUIum9goe2RpQy0bBwfZY4r
> OTAd9uHAVctp5cwDhZLpYIwwAofZlo01q+UVF96rY2lGhTsrjjlFNR+v0fm6yf20
> ScgVNv5rIX5iMnCM1p9xpDtqyzoteUfYEkkJhOYFMRummD0ykb7uQD4oI6q34OWF
> BgYQgoOsOGpO2fEft7i9OGRSKA2mNsXrZmkSFZ6/cBC26XMyzF4u5jU+UUdrm9lh
> WQ6zFcYs0x2PGVXVNyjo
> =ozKC
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html


More information about the Emerging-sigs mailing list