[Emerging-Sigs] 2010157/ET USER_AGENTS TROJAN Nanspy User-Agent (XXX)

Martin Holste mcholste at gmail.com
Mon Oct 24 13:52:53 EDT 2011


There's a version of Safari with:

Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us)
AppleWebKit/X.X (KHTML, like Gecko) Version/X.X Mobile/XXXX Safari/X.X

Obviously not a match, but maybe whatever plugin the iPhone is using
"Mobile/XXXX" is a common component that's being used standalone
elsewhere by Sony in an updater util.

On Mon, Oct 24, 2011 at 12:39 PM, Packet Hack <pckthck at gmail.com> wrote:
> Seeing this trip the above sig:
>
>  GET / HTTP/1.1
>  User-Agent: XXXX
>  Host: www.sony.net
>  Cache-Control: no-cache
>
> Is this Nanspy? If not, anyone know what it is?
>
> -- pckthck
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
>


More information about the Emerging-sigs mailing list