[Emerging-Sigs] [SURBL] Re: Proposed Signature for hostile 302 'gift.exe'

Nathan nathan at packetmail.net
Wed Oct 19 10:13:01 EDT 2011


> How about we just go with a suspicious download request for gift.exe? Not
all that many places where that'd happen naturally?

> Then we know if the browser followed and requested the exe, vs just an
attempt. I'd hope safebrowsing or some other protection might prevent it, and
thus we'd not have an event if so.

Works for me sir.  Never look a gift.exe in the MZ header.

Thanks,
Nathan



More information about the Emerging-sigs mailing list