[Snort-sigs] SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm

McGlamery, Russell rmcglamery at ...3965...
Wed Oct 15 08:02:31 EDT 2014

This looks line its something related to older versions of FireFox, I am
trying to verify now.


On 10/15/14, 7:24 AM, "Greg Kay" <gkay at ...3961...> wrote:

>We are getting a large amount of hits for this domain which appears to be
>Symantec owned.  Fairly certain this is a false positive.
>* 1:32174 <-> ENABLED <-> BLACKLIST DNS request for known malware domain
>sr.symcd.com - Osx.Backdoor.iWorm (blacklist.rules)
>* 1:32173 <-> ENABLED <-> BLACKLIST DNS request for known malware domain
>s2.symcb.com - Osx.Backdoor.iWorm (blacklist.rules)
>IP address is associated with geotrust, thawte and verisign as well.
>Have checked the references to virustotal but haven't seen anything there
>suggesting its bad.   Maybe I'm missing something.
>Greg Kay 
>netConsult is the trading name of nMSS Limited.
>Telephone (UK) +44 20 7100 3310
>Telephone (US) +1  646 465 7620
>Registered in England and Wales: Company No 4509492, VAT No 802254076
>Registered Office: 19-20 Bourne Court, Southend Road, Woodford Green, IG8
>Important Notice:
>This message is for the named recipient(s) use only. It may contain
>confidential, proprietary, or legally privileged information.
>No confidentiality or privilege is waived or lost by any mistransmission.
>If you have received this message by error, please immediately
>notify the sender, delete it and all copies of it from your system,
>destroy any hard copies, and notify postmaster at ...3962...
>If you are not the intended recipient, you must not use, disclose,
>distribute, print, or copy any part of this message directly or
>Unless otherwise stated, all quoted prices exclude VAT. Please see our
>Terms & Conditions for further details.
>Comprehensive Server Monitoring with Site24x7.
>Monitor 10 servers for $9/Month.
>Get alerted through email, SMS, voice calls or mobile push notifications.
>Take corrective actions from your mobile device.
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>Please visit http://blog.snort.org for the latest news about Snort!

More information about the Snort-sigs mailing list