[Emerging-Sigs] Strange UDP Trojan check-in
jason.weir at nhrs.org
Tue Oct 4 14:30:29 EDT 2011
Sorry to jump in mid stream here but I'm pretty sure I've got some IRS
I'll take a look for email subject - anyone want the zip attachment to
> -----Original Message-----
> From: emerging-sigs-bounces at emergingthreats.net
> [mailto:emerging-sigs-bounces at emergingthreats.net] On Behalf
> Of Martin Holste
> Sent: Tuesday, October 04, 2011 2:20 PM
> To: adam.brunner at internetidentity.com
> Cc: emerging-sigs at emergingthreats.net
> Subject: Re: [Emerging-Sigs] Strange UDP Trojan check-in
> > Ah ok awesome glad that actually helps you out.
> Yep, thanks for helping out!
> > The infection vector for that one was Spam posing at the
> IRS -> blackhole exploit -> Zeus download.
> Same here--if you have the email subject, can you post it? I'm
> thinking this is at least as valuable as the UPS spam signature
> already in the ET set.
> Does anyone have some advice on a signature for the UDP last
> nine bytes?
Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
More information about the Emerging-sigs