Snort mailing list archives

BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking

From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 5 Oct 2011 11:33:35 -0600

Does anyone else see this signature (19123) triggered by domain parking pages?  Every single one I've seen is linked to 
sedoparking.com and appears to be innocent.  Virustotal always reports "clean site" or "unrated site".  To me it looks 
like this signature is alerting on an artefact of a malicious page, but this is not a unique thing to alert on.

www.victoriarollergirls.com is an example of what I'm talking about.  (careful just in case)



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking Jefferson, Shawn (Oct 05)
- Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking NA (Oct 05)
  - Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking Jason Wallace (Oct 05)
    - Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking Joel Esler (Oct 05)