[Emerging-Sigs] New Zeus thing?
wmetcalf at emergingthreatspro.com
Mon Sep 15 14:47:59 EDT 2014
Could be I don't seem to have any samples of this.
On Mon, Sep 15, 2014 at 1:44 PM, Jørgen Bøhnsdalen <jurg at jurg.no> wrote:
> Isn't this just a Chrome HEAD to a non-existing domain to check for ISP
> - Jørgen
> On 15. sep. 2014 20:38, waldo kitty wrote:
> > On 9/15/2014 10:09 AM, Packet Hack wrote:
> >> HEAD / HTTP/1.1
> >> Host: tdsitmqawom
> > hunh??
> >> Connection: keep-alive
> >> Content-Length: 0
> >> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML,
> >> like Gecko)
> >> Chrome/37.0.2062.120 Safari/537.36
> >> Accept-Encoding: gzip,deflate
> >> Seeing this in conjunction with Zeus traffic.
> > without a FQDN, could this thing be attempting to connect over some sort
> > of VPN to other machines in the VPN? would this take the term "botnet"
> > to a new level?
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> Support Emerging Threats! Subscribe to Emerging Threats Pro
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs