[Emerging-Sigs] High false positive rate ET TROJAN Kazy/Kryptor/Cycbot Checkin 3

matt sendtomatt at gmail.com
Wed Dec 19 11:35:47 HAST 2012


On 12/19/12 12:57, Matt Jonkman wrote:
> Dang, ya. With the cgi in there it will false.
>
> We have many issues with the whole family of those sigs. Kazy does decoy
> checking, same request and uri, to legit sites as well as its cnc. Tens to
> hundreds per infection.
>
> I'll kill this sig, we need a better way. We'll dig into it.
>
> Thanks Matt!
>
> Matt
>
>
Thank you for the excellent work, ET is awesome.

Matt

