[Emerging-Sigs] Signature for Trojan:Win32/Comotor.A!dll

evilghost at packetmail.net
Wed Oct 20 09:02:53 EDT 2010


Strange trojan, looks like some anti-piracy deal?

127.0.0.1       thepiratebay.org
127.0.0.1       www.thepiratebay.org
127.0.0.1       mininova.org
127.0.0.1       www.mininova.org
127.0.0.1       forum.mininova.org
127.0.0.1       blog.mininova.org
127.0.0.1       suprbay.org
127.0.0.1       www.suprbay.org

-evilghost

On 10/20/2010 07:55 AM, dave richards wrote:
> Hi Matt,
> 
> Please find the signatures for Trojan:Win32/Comotor.A!dll,
> 
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS Trojan:Win32/Comotor.A!dll Reporting(1)"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/upd/check.php?"; nocase; uricontent:"ver="; nocase; uricontent:"cver="; nocase; uricontent:"id="; nocase; reference:url,threatexpert.com/report.aspx?md5=5e1c680e70e423dd02e31ab9d689e40b; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FComotor.A!dll&ThreatID=-2147346593; sid:20101085; rev:1;)
> 
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS Trojan:Win32/Comotor.A!dll Reporting(2)"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/cy/dl.php"; nocase; uricontent:"id="; nocase; reference:url,threatexpert.com/report.aspx?md5=5e1c680e70e423dd02e31ab9d689e40b; reference:url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FComotor.A!dll&ThreatID=-2147346593; sid:20101086; rev:1;)
> 
> Looking forward to your comments, if any,
> -- 
> Regards,
> Dave
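An added example, not part of either post: a small Python harness that emulates the content logic of the two quoted rules so it can be regression-tested against sample requests before deployment. The sample requests, their parameter values and the host `example.invalid` are constructed; only the paths and parameter names come from the rules. As a simplifying assumption, `uricontent` is matched against the raw request target rather than Snort's normalized URI buffer, and `flow` is not modeled.

```python
from typing import List, Optional

# uricontent strings per sid, copied from the two quoted rules.
RULES = {
    20101085: ["/upd/check.php?", "ver=", "cver=", "id="],  # Reporting(1)
    20101086: ["/cy/dl.php", "id="],                        # Reporting(2)
}

def request_uri(payload: bytes) -> Optional[str]:
    """Return the request target if the payload passes content:"GET "; depth:4."""
    if payload[:4] != b"GET ":      # no nocase on this content, so case-sensitive
        return None
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return parts[1].decode("latin-1") if len(parts) >= 2 else None

def matching_sids(payload: bytes) -> List[int]:
    """Sids whose uricontent strings all occur in the URI, in any order."""
    uri = request_uri(payload)
    if uri is None:
        return []
    uri = uri.lower()               # every uricontent in both rules carries nocase
    return sorted(sid for sid, needles in RULES.items()
                  if all(n in uri for n in needles))

def http(line: str) -> bytes:
    return (line + " HTTP/1.1\r\nHost: example.invalid\r\n\r\n").encode()

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "checkin":    http("GET /upd/check.php?ver=1&cver=2&id=abc"),
    "download":   http("GET /cy/dl.php?id=abc"),
    "mixed_case": http("GET /UPD/Check.php?VER=1&CVER=2&ID=abc"),
    # No standalone ver= parameter: the rule still fires, because the
    # string "ver=" also occurs inside "cver=".
    "no_ver":     http("GET /upd/check.php?cver=2&id=abc"),
    # "id=" also occurs inside "uid=", so unrelated parameters satisfy it.
    "uid_param":  http("GET /cy/dl.php?uid=7"),
    "post":       http("POST /cy/dl.php?id=abc"),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:10} -> {matching_sids(payload)}")
```

The `no_ver` and `uid_param` cases show that the unanchored `ver=` and `id=` strings add little selectivity on their own; the path strings carry most of the match.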

