Snort mailing list archives
Re: Openadvertising.com Malware Campaign malicious jar sigs
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 19 Jun 2013 09:24:56 -0600
On 2013-06-19 08:11, Joel Esler wrote:
On Jun 18, 2013, at 7:31 PM, lists () packetmail net wrote:

hxxp://www.msas.ch/images/_notes/.cache/?f=site.jar&k=9899151747059318&h=0504dc8510fdce57

This is the Jar exploit (more info below)

hxxp://www.msas.ch/images/_notes/.cache/?f=sm_main.mp3&k=9899151747059329&h=0504dc8510fdce57

This is the zeroaccess download

hxxp://www.communicatemagazine.co.uk/plugins/editors/tinymce/jscripts/tiny_mce/plugins/media/images/.cache/?f=site.jar&k=9465364283059318&h=0504dc8510fdce57
hxxp://www.la-diag.com/forum.bad/images/.cache/?f=site.jar&k=7484643054057816&h=a8946c52c90a7e96
hxxp://www.arielentertainment.com/images/new_buttons/enter_button/.cache/?f=site.jar&k=6046817725057817&h=a8946c52477b6b89
hxxp://iavisarts.org/include/adodb/.cache/?f=atom.jar&k=9900174397059339&h=0504dc8578794650

More jar exploits, but two different methods, site.jar is cve-2013-1493 and atom.jar is cve-2013-2423.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
Good info Joel...also shows my bag of fail on my rule ;)

Thanks again.

James

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
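A retro-hunt for the URL shape shared by the links quoted in this message, as an added example that is not part of the original thread or anyone's Snort rule. The function names, the two-field "client url" log format, and the strict 16-digit `k` / 16-hex `h` constraint are assumptions drawn only from the six URLs shown.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Labels taken from the thread: what each f= value was reported to deliver.
PAYLOAD_LABELS = {
    "site.jar": "Java exploit (CVE-2013-1493)",
    "atom.jar": "Java exploit (CVE-2013-2423)",
    "sm_main.mp3": "ZeroAccess download",
}
# Assumption: k is always 16 decimal digits and h is 16 lowercase hex
# characters, as in every URL quoted in the thread.
K_RE = re.compile(r"\d{16}")
H_RE = re.compile(r"[0-9a-f]{16}")

def classify(url):
    """Return a label if url has the campaign's URL shape, else None."""
    parts = urlsplit(url)  # also parses defanged hxxp:// URLs
    if not parts.path.endswith("/.cache/"):
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    # Parameter order is part of the pattern: f, then k, then h, nothing else.
    if [name for name, _ in params] != ["f", "k", "h"]:
        return None
    f, k, h = (value for _, value in params)
    if not (f and K_RE.fullmatch(k) and H_RE.fullmatch(h)):
        return None
    return PAYLOAD_LABELS.get(f, "unknown payload: " + f)

def hunt(log_lines):
    """Yield (client, url, label) for matching lines of 'client url' logs."""
    for line in log_lines:
        fields = line.split()
        if len(fields) != 2:
            continue
        label = classify(fields[1])
        if label:
            yield fields[0], fields[1], label

# Constructed sample log: hosts, clients and k/h values are made up.
SAMPLE_LOG = [
    "10.0.0.5 http://a.example/images/.cache/?f=site.jar&k=1111222233334444&h=00112233aabbccdd",
    "10.0.0.7 hxxp://b.example/inc/.cache/?f=atom.jar&k=5555666677778888&h=0123456789abcdef",
    "10.0.0.5 http://a.example/images/.cache/?f=sm_main.mp3&k=1111222233334455&h=00112233aabbccdd",
    "10.0.0.9 http://cdn.example/.cache/?f=site.jar&k=123&h=abc",
    "10.0.0.9 http://cdn.example/static/app.jar",
    "10.0.0.9 http://c.example/x/.cache/?k=1111222233334444&f=site.jar&h=00112233aabbccdd",
]

if __name__ == "__main__":
    for client, url, label in hunt(SAMPLE_LOG):
        print(client, label, url)
```

An unlisted `f=` value that still fits the shape is reported as an unknown payload rather than dropped, so a renamed jar is surfaced for review.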