[Emerging-Sigs] FP: ET CURRENT_EVENTS MALVERTISING trafficbiztds.com - client receiving redirect to exploit kit : 2011469

Russell Fulton r.fulton at auckland.ac.nz
Sun Oct 23 03:48:36 EDT 2011

Likely FP.  I notice the rule has content:!"http|3a|//www.google.com".  This might be inadequate -- I've got hits on just google.com:

HTTP/1.1 302 Found
Server: nginx/0.7.62
Date: Sat, 22 Oct 2011 09:09:17 GMT
Content-Type: text/html
Connection: close
Set-Cookie: SL_2_0000=_0_; domain=trafficbiztds.com; path=/; expires=Sun, 23-Oct-2011 09:09:17 GMT
Location: http://google.com/robots.txt
Content-Length: 184

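Added example (not part of the original message, and not code from the Emerging Threats ruleset): a Python sketch of why the negated content match quoted above does not suppress this response, next to an exclusion that parses the Location host instead. Only the one content:! clause from the post is modelled; the function names and the allow-list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Response headers as quoted in the post; CRLF line endings are assumed.
RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: nginx/0.7.62\r\n"
    b"Date: Sat, 22 Oct 2011 09:09:17 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n"
    b"Set-Cookie: SL_2_0000=_0_; domain=trafficbiztds.com; path=/; "
    b"expires=Sun, 23-Oct-2011 09:09:17 GMT\r\n"
    b"Location: http://google.com/robots.txt\r\n"
    b"Content-Length: 184\r\n\r\n"
)

def decode_content(pattern: str) -> bytes:
    """Decode a Snort/Suricata content string; |..| segments are hex bytes."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:  # odd segments sit between pipes
            out += bytes.fromhex(part.replace(" ", ""))
        else:
            out += part.encode("latin-1")
    return bytes(out)

def negated_content_passes(payload: bytes, pattern: str) -> bool:
    """content:!"..." is satisfied when the bytes are absent from the payload."""
    return decode_content(pattern) not in payload

def location_host(payload: bytes):
    """Return the lower-cased host of the Location header, or None."""
    m = re.search(rb"^Location:[ \t]*(\S+)", payload, re.I | re.M)
    return urlsplit(m.group(1).decode("latin-1")).hostname if m else None

def redirect_is_benign(payload: bytes, allowed=("google.com",)) -> bool:
    """Hypothetical exclusion: exact domain or a true subdomain of it."""
    host = location_host(payload)
    return host is not None and any(
        host == d or host.endswith("." + d) for d in allowed
    )

if __name__ == "__main__":
    pat = "http|3a|//www.google.com"
    print("negated content satisfied (rule can still fire):",
          negated_content_passes(RESPONSE, pat))
    print("host-based exclusion suppresses:", redirect_is_benign(RESPONSE))
```

The substring test is satisfied because "http://www.google.com" never appears in the response, while the host comparison treats google.com and www.google.com alike and still rejects a lookalike such as google.com.example.net.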