[Emerging-Sigs] GBot Rule

Nick Chapman nchapman at secureworks.com
Fri Oct 29 12:11:09 EDT 2010


FYI - I've seen some indications that there's an ongoing malvertising campaign pushing gbot.  I'd hazard a guess that's why this traffic looks so close to legit ad traffic.  

There are some other domains currently being used listed here:

http://www.antivirus365.org/PCAntivirus/23574.html


Nick Chapman
Security Researcher
SecureWorks, Inc
________________________________________
From: emerging-sigs-bounces at emergingthreats.net [emerging-sigs-bounces at emergingthreats.net] On Behalf Of evilghost at packetmail.net [evilghost at packetmail.net]
Sent: Friday, October 29, 2010 12:02 PM
To: Matthew Jonkman
Cc: emerging-sigs at emergingthreats.net
Subject: Re: [Emerging-Sigs] GBot Rule

On 10/29/10 10:58, Matthew Jonkman wrote:
> Posting as well, that'll be interesting to see in the field, thanks eg

I could see it potentially doing strange things on advertising/banner ads since
much of what they do is so close to what malware does.  I can run it here for a
while if you want before you commit into the ruleset.

-evilghost
