[Emerging-Sigs] Question

Jack Mott jmott at emergingthreats.net
Fri Jan 17 04:17:15 HST 2020


Hi Leonard,

Grepping the ruleset for terms like "FakeAV" or "Tech Support" should
return some sigs looking for these kinds of threats. Like I mentioned, if
you have a domain serving these up handy, we can craft some detections
around it.

Best,

Jack

On Fri, Jan 17, 2020 at 8:30 AM Leonard Jacobs <ljacobs at netsecuris.com>
wrote:

> Where would I find the signatures or what are they called that are
> available now?
>
> Thanks.
>
> * From: * Jack Mott <jmott at emergingthreats.net>
> * To: * Leonard Jacobs <ljacobs at netsecuris.com>
> * Cc: * <emerging-sigs at lists.emergingthreats.net>
> * Sent: * 1/17/2020 6:52 AM
> * Subject: * Re: [Emerging-Sigs] Question
>
> Hi Leonard,
>
> We have some signatures available for various fake AV/tech support scam
> type websites, but due to their constant changes and variability it can
> sometimes be a game of whack-a-mole for us. If you have a domain we could
> look at to craft detection, we would be more than happy to do so.
>
> Please do not hesitate to reach out with any other questions or concerns!
>
> Best,
>
> Jack
>
> On Thu, Jan 16, 2020 at 11:03 PM Leonard Jacobs <ljacobs at netsecuris.com>
> wrote:
>
> Are there any signatures that would block fake tech support websites?
>
> See this screenshot sent to me.
>
>
>
>
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200117/b69b0b6b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.jpg
Type: image/jpeg
Size: 38989 bytes
Desc: not available
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200117/b69b0b6b/attachment-0001.jpg>


More information about the Emerging-sigs mailing list