[Emerging-Sigs] Strange UDP Trojan check-in

Martin Holste mcholste at gmail.com
Tue Oct 4 14:20:17 EDT 2011

> Ah ok awesome glad that actually helps you out.
Yep, thanks for helping out!
> The infection vector for that one was Spam posing as the IRS -> blackhole exploit -> Zeus download.
Same here--if you have the email subject, can you post it?  I'm
thinking this is at least as valuable as the UPS spam signature
already in the ET set.

Does anyone have some advice on a signature for the UDP last nine bytes?
