[Emerging-Sigs] Blackhole served via Yahoo

Joel Esler jesler at sourcefire.com
Mon Dec 17 11:03:50 HAST 2012

Yup.  Been monitoring that, we have coverage already.  

That's also been in the IP blacklist since the 12th.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

On Dec 17, 2012, at 3:14 PM, Nathan <nathan at packetmail.net> wrote:

> Looks like I just started picking up "Java.jar" today:
> SELECT distinct
> date_time,http_status,url_body_size,media_type,url,url_referrer,user_agent FROM
> webwasher_full where day>='2012-12-01' and (url like '%blogsmithmedia.net%')
> and http_status <> '407'
> {see attached}
> <blogsmithmedia.txt>_______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121217/e7cbaa68/attachment.html>

More information about the Emerging-sigs mailing list