[Emerging-Sigs] kazakaza.php trojan communications

evilghost@packetmail.net evilghost at packetmail.net
Wed Oct 13 11:35:30 EDT 2010



On 10/13/2010 10:31 AM, Joel Esler wrote:
> He's having good results with some Sourcefire sigs and a lot of custom stuff, so we are trying one or two different approaches.

I'd hope he's running the ET rulesets; my experience (echoed by others)
has been the VRT stuff is really inept at detecting infection and is
more so geared towards PoC-based vulnerabilities.

If your friend is interested in detecting infection, I'd highly recommend
running the ET sets, as the large majority of my contributions and others'
are geared towards malware detection, which just happens to be the most
significant threat at the moment.

-evilghost

