Snort mailing list archives
Re: JackPOS sig
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 14 Feb 2014 10:04:00 -0700
On 2014-02-14 09:39, Joel Esler (jesler) wrote:
James, This (and one more) have been committed: 29816 29817 -- JOEL ESLER Threat Intelligence Team Lead Open Source Manager Vulnerability Research Team On Feb 11, 2014, at 7:21 PM, Joel Esler <jesler () cisco com [7]> wrote:Thanks James, we’ll get this in! -- JOEL ESLER Threat Intelligence Team Lead Open Source Manager Vulnerability Research Team On Feb 11, 2014, at 6:09 PM, James Lay <jlay () slave-tothe-box net [6]> wrote:On 2014-02-11 13:46, James Lay wrote:alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC JackPOS User-Agent detected"; flow:to_server,established; file_data; content:"User-Agent|3A|something"; http_header; fast_pattern:only; metadata:policy balanced-ips drop, policy security-ips drop, service http;reference:url,blog.spiderlabs.com/2014/02/jackpos-the-house-always-wins.html[1]; classtype:trojan-activity; sid:10000125; rev:1;) PoS Malware..what a pain. James
Thanks Joel...let's hope nobody ever sees it...bad scene :( James ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- JackPOS sig James Lay (Feb 11)
- Re: JackPOS sig James Espinosa (Feb 11)
- Re: JackPOS sig James Lay (Feb 11)
- Re: JackPOS sig James Lay (Feb 11)
- Re: JackPOS sig Joel Esler (jesler) (Feb 11)
- Re: JackPOS sig Joel Esler (jesler) (Feb 14)
- Re: JackPOS sig James Lay (Feb 14)
- Re: JackPOS sig Joel Esler (jesler) (Feb 11)
- Re: JackPOS sig James Espinosa (Feb 11)