[Emerging-Sigs] Strange UDP Trojan check-in

Weir, Jason jason.weir at nhrs.org
Tue Oct 4 14:30:29 EDT 2011

Sorry to jump in mid stream here but I'm pretty sure I've got some IRS
spam samples.. 

I'll take a look for email subject - anyone want the zip attachment to
play with?


> -----Original Message-----
> From: emerging-sigs-bounces at emergingthreats.net 
> [mailto:emerging-sigs-bounces at emergingthreats.net] On Behalf 
> Of Martin Holste
> Sent: Tuesday, October 04, 2011 2:20 PM
> To: adam.brunner at internetidentity.com
> Cc: emerging-sigs at emergingthreats.net
> Subject: Re: [Emerging-Sigs] Strange UDP Trojan check-in
> > Ah ok awesome glad that actually helps you out.
> Yep, thanks for helping out!
> > The infection vector for that one was Spam posing at the 
> IRS -> blackhole exploit -> Zeus download.
> Same here--if you have the email subject, can you post it?  I'm
> thinking this is at least as valuable as the UPS spam signature
> already in the ET set.
> Does anyone have some advice on a signature for the UDP last 
> nine bytes?


Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

More information about the Emerging-sigs mailing list