[Snort-sigs] Feodo Botnet

Arbeiter, Stefan (K-SIS-O/1) stefan.arbeiter at ...3878...
Fri Jan 24 08:34:38 EST 2014

Hi all,

malwaremustdie has additional details:


including this User-Agent

Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US

No FP so far.

Von: James Lay [mailto:jlay at ...3266...]
Gesendet: Freitag, 24. Januar 2014 12:59
An: snort-sigs at lists.sourceforge.net
Betreff: Re: [Snort-sigs] Feodo Botnet

On Fri, 2014-01-24 at 11:36 +0100, Lukas Matt wrote:

Hi guys,

our sources are reporting heavy spam loads created by the Feodo Botnet.

A quick search on the rules produced no result.

Does guys (https://feodotracker.abuse.ch/blocklist.php?download=snort)

wrote already some IPS rules.

Will there be a update in future?



Nice work..thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140124/1182cb56/attachment.html>

More information about the Snort-sigs mailing list