[Emerging-Sigs] kazakaza.php trojan communications

Eoin Miller eoin.miller at trojanedbinaries.com
Wed Oct 13 11:20:26 EDT 2010


  On 10/13/2010 2:12 PM, Joel Esler wrote:
> Thanks.
>
>
> Sent from my iPhone
Example on why not to just look for .bin/.db only just popped up again 
this morning:

GET /wetq.img HTTP/1.1..
Accept: */*..
Connection: Close..
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; 
Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 
3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)..
Host: iwutyetitw.com..
Cache-Control: no-cache....

This sucker isn't even in ZeuS tracker yet.

-- Eoin


More information about the Emerging-sigs mailing list