[Emerging-Sigs] Fwd: alert: New event: POLICY Visual Basic script download attempt

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Oct 11 06:18:24 EDT 2011


Not a barn, but likely a college CS program with nothing but .net and VB. 

(The last curriculum board I sat on locally didn't work out well…)


On Oct 10, 2011, at 9:41 PM, Michael Scheidell wrote:

> who  would rely on downloading vbs scripts to make their web site run better?
> did these people grow up in a barn?
> GET /ver1.0/Content/ua/scripts/flXHR/flXHR.vbs HTTP/1.1
> Accept: application/javascript, */*;q=0.8
> Referer: 
> http://www.hattiesburgamerican.com/comments/article/20111010/SPORTS/111010013/Big-East-looks-12-teams-football
> Accept-Language: en-US
> User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
> Accept-Encoding: gzip, deflate
> Host: sitelife.hattiesburgamerican.com
> 10/10-20:29:07 <trust1> TCP -->
> [1:18758:2] POLICY Visual Basic script download attempt
> [Classification: Generic Protocol Command Decode] [Priority: 3] 
> This email has been scanned and certified safe by SpammerTrap®.
> For Information please see http://www.spammertrap.com/
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4364 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111011/84c6532a/smime.bin

More information about the Emerging-sigs mailing list