Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Low hanging fruit - inforet

From: Joel Esler <jesler () sourcefire com>
Date: Wed, 29 Aug 2012 16:06:07 -0400
Looking into this now.  Thanks James.

On Aug 29, 2012, at 3:47 PM, James Lay <jlay () slave-tothe-box net> wrote:


On 2012-08-29 13:34, lists () packetmail net wrote:

On 08/29/12 14:27, James Lay wrote:

Pretty sure these will change to something else over time.  Maybe
useful, maybe not :)


This is associated with a Blackhole mailing campaign purporting to 
originate
from IRS (typical); I starting seeing this on the 27th, IMHO I'm not
sure it's
worth inclusion because it changes on a per-campaign basis 
(photo.htm,
upload.htm, inforet.html, etc etc)

I saw it with hxxp://metrotienda.netai.net/inforet.html

Respectfully,
Nathan


Yea...kinda figured but thought I'd chuck it out there :)  Thanks 
Nathan.

James

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: