[Snort-sigs] rules 41458 41459 41460 and 41461

John Ives jives at ...4131...
Thu Feb 9 16:01:56 EST 2017

I was wondering if we could get more information on why rules 41458,
41459, 41460, and 41461 are described as "Osx.Keylogger.Elite variant
outbound connection". We are seeing this in a number of installs for Mac
Adware, but so far no indication of a keylogger.

Additionally, when trying to look at the URL provided for a reference,
it looks to be for a word macro virus.



John Ives
Information Security & Policy			    Phone (510) 229-8676
University of California, Berkeley

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: OpenPGP digital signature
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20170209/19af30dd/attachment.sig>

More information about the Snort-sigs mailing list