Snort mailing list archives
Low hanging fruit - inforet
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 29 Aug 2012 13:27:06 -0600
Not sure where I have this in my archive of bad pcaps, but inforet.html sure seems familiar:

http://urlquery.net/report.php?id=148265
http://jsunpack.jeek.org/dec/go?report=a70cd8d80447f3c493b1cb6f8f0706536a84d068
https://www.mywot.com/en/forum/25940--rejected-tax-transaction-rejrev-html-malware

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"COMMUNITY INDICATOR-COMPROMISE /inforet.html HTTP request in URI"; flow:established,to_server; content:"/inforet.html"; http_uri; fast_pattern:only; sid:x; rev:1;)

from the mywot site: (CAREFUL THESE ARE ACTIVE!)

geoprovi.es/inforet.html
jyyswh.com/inforet.html
mpmusic.es/inforet.html

Pretty sure these will change to something else over time. Maybe useful, maybe not :)

James
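An added example, not part of James's post: a retro-hunt over HTTP proxy logs that applies the same test as the rule above (case-sensitive "/inforet.html" in the decoded URI, client inside HOME_NET), so hits surface even when the hosting domains rotate. The HOME_NET range, the five-field log layout and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Assumptions (not from the original post): HOME_NET range and the
# space-separated log layout "epoch client_ip method url status".
HOME_NET = ipaddress.ip_network("10.0.0.0/8")
NEEDLE = "/inforet.html"   # same content string as the rule

# Constructed sample proxy log lines; hosts are placeholders.
SAMPLE_LOG = """\
1346268400 10.1.2.15 GET http://site-a.example/inforet.html 200
1346268411 10.1.2.15 GET http://site-b.example/news/index.html 200
1346268420 10.1.7.80 GET http://site-c.example/%69nforet.html?x=1 200
1346268431 10.1.7.80 GET http://site-d.example/INFORET.HTML 404
1346268440 192.0.2.9 GET http://site-a.example/inforet.html 200
1346268452 10.1.9.3 POST http://site-e.example/a/inforet.html 200
this line is malformed
"""

def uri_of(url):
    """Return the percent-decoded path plus query, roughly what http_uri inspects."""
    parts = urlsplit(url)
    uri = parts.path or "/"
    if parts.query:
        uri += "?" + parts.query
    return unquote(uri)

def hunt(log_text):
    """Map each HOME_NET client to the hosts it requested NEEDLE from."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                      # skip malformed lines
        _, client, _, url, _ = fields
        try:
            if ipaddress.ip_address(client) not in HOME_NET:
                continue                  # rule only covers $HOME_NET sources
        except ValueError:
            continue
        if NEEDLE in uri_of(url):         # case-sensitive: the rule has no nocase
            hits[client].add(urlsplit(url).hostname)
    return {c: sorted(h) for c, h in hits.items()}

if __name__ == "__main__":
    for client, hosts in hunt(SAMPLE_LOG).items():
        print(client, hosts)
```

Grouping by client shows which internal hosts to triage first; the uppercase request is skipped on purpose because the rule as written is case-sensitive.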