[Emerging-Sigs] High false positive rate ET TROJAN Kazy/Kryptor/Cycbot Checkin 3

matt sendtomatt at gmail.com
Wed Dec 19 11:35:47 HAST 2012

On 12/19/12 12:57, Matt Jonkman wrote:
> Dang, ya. With the cgi in there it will false.
> We have many issues with the whole family of those sigs. Kazy does decoy
> checking, same request and uri, to legit sites as well as its cnc. Tens to
> hundreds per infection.
> I'll kill this sig, we need a better way. We'll dig into it.
> Thanks Matt!
> Matt
Thank you for the excellent work, ET is awesome.

