[Snort-sigs] Low hanging fruit - inforet

Joel Esler jesler at ...435...
Wed Aug 29 16:06:07 EDT 2012


Looking into this now.  Thanks James.

On Aug 29, 2012, at 3:47 PM, James Lay <jlay at ...3266...> wrote:

> On 2012-08-29 13:34, lists at ...3397... wrote:
>> On 08/29/12 14:27, James Lay wrote:
>>> Pretty sure these will change to something else over time.  Maybe
>>> useful, maybe not :)
>> 
>> This is associated with a Blackhole mailing campaign purporting to 
>> originate
>> from IRS (typical); I starting seeing this on the 27th, IMHO I'm not
>> sure it's
>> worth inclusion because it changes on a per-campaign basis 
>> (photo.htm,
>> upload.htm, inforet.html, etc etc)
>> 
>> I saw it with hxxp://metrotienda.netai.net/inforet.html
>> 
>> Respectfully,
>> Nathan
> 
> Yea...kinda figured but thought I'd chuck it out there :)  Thanks 
> Nathan.
> 
> James
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> 
> 
> Please visit http://blog.snort.org for the latest news about Snort!





More information about the Snort-sigs mailing list