[Emerging-Sigs] gooqlepics.com Sig

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Jul 26 22:35:03 EDT 2011


Ha, sorry. Now I get it. There's a q in there. 

I'll get a sig out, thanks Michael!

Matt


On Jul 26, 2011, at 10:27 PM, Matthew Jonkman wrote:

> I'm not understanding, I think. That's a Google-owned domain by whois.
> 
> Matt
> 
> On Jul 26, 2011, at 8:25 PM, Michael Lubinski wrote:
> 
>> How does this work?
>> 
>> alert tcp $HOME_NET any -> any 53 (msg:"Possible Malicious Domain, gooqlepics.com"; flow:established,to_server; content:"|0a 67 6f 6f 71 6c 65 70 69 63 73 03 63 6f 6d 00|"; reference:url,blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.html;)


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
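
The content bytes in the rule quoted above are the DNS wire encoding of gooqlepics.com: each label is prefixed with its length and the name ends with a zero byte. The following is an added example, not part of the original thread, that derives those bytes and checks a constructed DNS query against the lookalike domain; all function names are assumptions made for illustration.

```python
import struct

def qname_wire(domain: str) -> bytes:
    """Encode a domain as a DNS QNAME: length-prefixed labels, zero terminator."""
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {domain!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)

def snort_content(domain: str) -> str:
    """Render the QNAME as a Snort content option (hex bytes go between pipes)."""
    hexed = " ".join(f"{b:02x}" for b in qname_wire(domain))
    return f'content:"|{hexed}|";'

def build_query(domain: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: a minimal DNS A query (12-byte header + question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname_wire(domain) + struct.pack("!HH", 1, 1)

def parse_qname(packet: bytes) -> str:
    """Read the first question name from a DNS query, lowercased
    because DNS names compare case-insensitively."""
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        n = packet[pos]
        if n == 0:
            return ".".join(labels).lower()
        if n > 63 or pos + 1 + n > len(packet):
            raise ValueError("truncated or compressed QNAME")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n

def matches(packet: bytes, watched: str) -> bool:
    """True when the queried name is the watched domain or a subdomain of it."""
    name = parse_qname(packet)
    return name == watched or name.endswith("." + watched)

if __name__ == "__main__":
    print(snort_content("gooqlepics.com"))
    for d in ("gooqlepics.com", "www.GooQlePics.com", "googlepics.com"):
        print(d, matches(build_query(d), "gooqlepics.com"))
```

The single differing byte between the lookalike and the similarly spelled name with a "g" is 0x71 ("q") versus 0x67 ("g") in the fourth position of the first label.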


