Snort mailing list archives
Re: What the heck is this...
From: "Lay, James" <james.lay () wincofoods com>
Date: Thu, 12 May 2011 10:20:26 -0600
Thanks Matt.

James

-----Original Message-----
From: Matt Watchinski [mailto:mwatchinski () sourcefire com]
Sent: Thursday, May 12, 2011 10:05 AM
To: Lay, James
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] What the heck is this...

Quick inspection of this is it's just an inlined gif image, nothing malicious

<img .... src=data:image/gif;base64 ... "

Rest of the data is then base64 encoded. Decoding base64 and inspecting the image doesn't show anything that is out of the ordinary.

Ran it through http://www.urlvoid.com/ , just for fun. http://www.urlvoid.com/scan/f.uxlj.no12u.bz returns Clean.

Cheers,
-matt

On Thu, May 12, 2011 at 10:59 AM, Lay, James <james.lay () wincofoods com> wrote:

> Hey again all!
>
> So....hope this is an ok avenue for this. Just got this:
>
> http://f.uxlj.no12u.bz/oxt.html
>
> It's gone now, but I have a copy (thank heaven for FPC :)). Looks like html+base64+script? Zipped so as not to fire off anything....please let me know if there's a better place to discuss/submit this kind of thing. Snort didn't fire on it however.
>
> James
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - including clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/
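The triage step described in the quoted reply (decode the base64 payload of an inlined `data:image/gif` and look at what it really is), as an added example that is not part of the original thread. The function name `inspect_data_uris` and the sample page are constructed for illustration; the sample is not the file discussed above.

```python
import base64
import binascii
import re

# Leading magic bytes for image types commonly inlined through data: URIs.
MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}
DATA_URI = re.compile(r"data:([\w.+-]+/[\w.+-]+);base64,([A-Za-z0-9+/=]+)", re.I)

def inspect_data_uris(html):
    """Decode every base64 data: URI in html and compare it to its declared type."""
    findings = []
    for mime, payload in DATA_URI.findall(html):
        mime = mime.lower()
        try:
            raw = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            findings.append({"mime": mime, "verdict": "undecodable"})
            continue
        magic = MAGIC.get(mime)
        if magic is None:
            verdict = "unchecked-type"
        elif raw.startswith(magic):
            verdict = "matches-declared-type"
        else:
            verdict = "type-mismatch"
        finding = {"mime": mime, "verdict": verdict, "size": len(raw)}
        if verdict == "matches-declared-type" and mime == "image/gif" and len(raw) >= 10:
            # GIF logical screen width/height are little-endian 16-bit fields.
            finding["dimensions"] = (int.from_bytes(raw[6:8], "little"),
                                     int.from_bytes(raw[8:10], "little"))
            # A GIF stream ends with the 0x3B trailer; anything else merits a look.
            finding["ends_with_trailer"] = raw.endswith(b"\x3b")
        findings.append(finding)
    return findings

# Constructed sample page (not the file from the thread): a 1x1 GIF, plus
# plain text mislabelled as a GIF to show the mismatch verdict.
TINY_GIF = "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
NOT_A_GIF = base64.b64encode(b"plain text, not an image").decode()
SAMPLE_HTML = (f'<img src="data:image/gif;base64,{TINY_GIF}">'
               f'<img src=data:image/gif;base64,{NOT_A_GIF}>')

if __name__ == "__main__":
    for f in inspect_data_uris(SAMPLE_HTML):
        print(f)
```

A `type-mismatch` or `undecodable` verdict only says the payload is not what its label claims; the decoded bytes still need to be examined before drawing a conclusion.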
Current thread:
- What the heck is this... Lay, James (May 12)
- Re: What the heck is this... Joel Esler (May 12)
- Re: What the heck is this... Lay, James (May 12)
- Re: What the heck is this... Matt Watchinski (May 12)
- Re: What the heck is this... Lay, James (May 12)
- Re: What the heck is this... Joel Esler (May 12)