Snort mailing list archives
rules 41458 41459 41460 and 41461
From: John Ives <jives () security berkeley edu>
Date: Thu, 9 Feb 2017 13:01:56 -0800
I was wondering if we could get more information on why rules 41458, 41459, 41460, and 41461 are described as "Osx.Keylogger.Elite variant outbound connection". We are seeing this in a number of installs for Mac Adware, but so far no indication of a keylogger.

Additionally, when trying to look at the URL provided for a reference, it looks to be for a word macro virus.

Yours,
John

--
John Ives
Information Security & Policy
Phone (510) 229-8676
University of California, Berkeley
Current thread:
- rules 41458 41459 41460 and 41461 John Ives (Feb 09)
- Re: rules 41458 41459 41460 and 41461 Joel Esler (jesler) (Feb 09)