[Emerging-Sigs] Fwd: alert: New event: POLICY Visual Basic script download attempt

Michael Scheidell michael.scheidell at secnap.com
Mon Oct 10 21:41:16 EDT 2011

who  would rely on downloading vbs scripts to make their web site run 
did these people grow up in a barn?

GET /ver1.0/Content/ua/scripts/flXHR/flXHR.vbs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.hattiesburgamerican.com/comments/article/20111010/SPORTS/111010013/Big-East-looks-12-teams-football
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: sitelife.hattiesburgamerican.com

10/10-20:29:07 <trust1> TCP -->
[1:18758:2] POLICY Visual Basic script download attempt
[Classification: Generic Protocol Command Decode] [Priority: 3]

This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111010/ab512723/attachment.html

More information about the Emerging-sigs mailing list