[Emerging-Sigs] 2013782/ET TROJAN W32.Duqu User-Agent

Packet Hack pckthck at gmail.com
Fri Oct 21 13:55:20 EDT 2011


Getting a lot of what appear to be normal requests on this one:

GET /hprofile-ak-snc4/273553_501076216_1129476137_q.jpg HTTP/1.1
Host: profile.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 (.NET CLR 3.5.30729)
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.facebook.com/

POST /ajax/feed/ticker/multi_story?__a=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-SVN-Rev: 461249
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www.facebook.com/
Content-Length: 2524
Cookie: [...]
Pragma: no-cache
Cache-Control: no-cache

-- pckthck

