[Emerging-Sigs] New Zeus thing?

waldo kitty wkitty42 at windstream.net
Mon Sep 15 14:38:13 EDT 2014

On 9/15/2014 10:09 AM, Packet Hack wrote:
> HEAD / HTTP/1.1
> Host: tdsitmqawom


> Connection: keep-alive
> Content-Length: 0
> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/37.0.2062.120 Safari/537.36
> Accept-Encoding: gzip,deflate
> Seeing this in conjunction with Zeus traffic.

without a FQDN, could this thing be attempting to connect over some sort of VPN 
to other machines in the VPN? would this take the term "botnet" to a new level?

  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Emerging-sigs mailing list