[Snort-sigs] SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm
gkay at ...3961...
Wed Oct 15 07:24:36 EDT 2014
We are getting a large amount of hits for this domain which appears to be Symantec owned. Fairly certain this is a false positive.
* 1:32174 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm (blacklist.rules)
* 1:32173 <-> ENABLED <-> BLACKLIST DNS request for known malware domain s2.symcb.com - Osx.Backdoor.iWorm (blacklist.rules)
IP address is associated with geotrust, thawte and verisign as well.
Have checked the references to virustotal but haven't seen anything there suggesting its bad. Maybe I'm missing something.
netConsult is the trading name of nMSS Limited.
Telephone (UK) +44 20 7100 3310
Telephone (US) +1 646 465 7620
Registered in England and Wales: Company No 4509492, VAT No 802254076
Registered Office: 19-20 Bourne Court, Southend Road, Woodford Green, IG8 8HD
This message is for the named recipient(s) use only. It may contain confidential, proprietary, or legally privileged information.
No confidentiality or privilege is waived or lost by any mistransmission. If you have received this message by error, please immediately
notify the sender, delete it and all copies of it from your system, destroy any hard copies, and notify postmaster at ...3962...
If you are not the intended recipient, you must not use, disclose, distribute, print, or copy any part of this message directly or indirectly.
Unless otherwise stated, all quoted prices exclude VAT. Please see our Terms & Conditions for further details.
More information about the Snort-sigs