[Emerging-Sigs] New Zeus thing?

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Sep 15 14:47:59 EDT 2014


Could be I don't seem to have any samples of this.

Regards,

Will

On Mon, Sep 15, 2014 at 1:44 PM, Jørgen Bøhnsdalen <jurg at jurg.no> wrote:

> Isn't this just a Chrome HEAD to a non-existing domain to check for ISP
> DNS-hijacking?
>
> https://productforums.google.com/forum/#!topic/chrome/hl0Knv7p4-4
>
> - Jørgen
>
> On 15. sep. 2014 20:38, waldo kitty wrote:
> > On 9/15/2014 10:09 AM, Packet Hack wrote:
> >> HEAD / HTTP/1.1
> >> Host: tdsitmqawom
> >
> > hunh??
> >
> >> Connection: keep-alive
> >> Content-Length: 0
> >> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML,
> >> like Gecko)
> >> Chrome/37.0.2062.120 Safari/537.36
> >> Accept-Encoding: gzip,deflate
> >>
> >> Seeing this in conjunction with Zeus traffic.
> >
> > without a FQDN, could this thing be attempting to connect over some sort
> > of VPN to other machines in the VPN? would this take the term "botnet"
> > to a new level?
> >
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20140915/a6dace3a/attachment.html>


More information about the Emerging-sigs mailing list