Snort mailing list archives

Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking


From: Jason Wallace <jason.r.wallace () gmail com>
Date: Wed, 5 Oct 2011 15:59:32 -0400

FWIW... We saw enough bad things come out of here that we blocked the whole
sedoparking IP range at the firewall. If you do content filtering I suggest
blocking parked domains. We see a lot of hits on sites categorized as
"malicious" whose referers came from parked domains.

Just my opinion.

On Wed, Oct 5, 2011 at 2:40 PM, NA <dustypath () comcast net> wrote:

Yes, I have hit this one also on: www165.sedoparking.com
It is listed on trustedsource.org with a high risk email reputation.
Bill B


On 10/5/11 10:33 AM, Jefferson, Shawn wrote:
Does anyone else see this signature (19123) triggered by domain parking
pages?  Every single one I've seen is linked to sedoparking.com and
appears to be innocent.  Virustotal always reports "clean site" or "unrated
site".  To me it looks like this signature is alerting on an artefact of a
malicious page, but this is not a unique thing to alert on.

www.victoriarollergirls.com is an example of what I'm talking about.
 (careful just in case)




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




