[Emerging-Sigs] Blackhole served via Yahoo

Joel Esler jesler at sourcefire.com
Mon Dec 17 11:03:50 HAST 2012


Yup.  Been monitoring that, we have coverage already.  

That's also been in the IP blacklist since the 12th.


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Dec 17, 2012, at 3:14 PM, Nathan <nathan at packetmail.net> wrote:

> Looks like I just started picking up "Java.jar" today:
> 
> SELECT distinct
> date_time,http_status,url_body_size,media_type,url,url_referrer,user_agent FROM
> webwasher_full where day>='2012-12-01' and (url like '%blogsmithmedia.net%')
> and http_status <> '407'
> 
> {see attached}
> 
> <blogsmithmedia.txt>_______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121217/e7cbaa68/attachment.html>


More information about the Emerging-sigs mailing list