Snort mailing list archives

Re: Feodo Botnet


From: "Arbeiter, Stefan (K-SIS-O/1)" <stefan.arbeiter () volkswagen de>
Date: Fri, 24 Jan 2014 13:34:38 +0000

Hi all,

malwaremustdie has additional details:

http[://]malwaremustdie.blogspot[.]de/2013/01/cridex-fareit-infection-analysis.html?spref=tw&m=1

including this User-Agent

Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US

No FP so far.

From: James Lay [mailto:jlay () slave-tothe-box net]
Sent: Friday, 24 January 2014 12:59
To: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Feodo Botnet

On Fri, 2014-01-24 at 11:36 +0100, Lukas Matt wrote:

Hi guys,

our sources are reporting heavy spam loads created by the Feodo Botnet.
A quick search on the rules produced no result.

Those guys (https://feodotracker.abuse.ch/blocklist.php?download=snort)
already wrote some IPS rules.

Will there be an update in future?

Regards,
Lukas

Nice work..thank you.

James