[Snort-users] Fwd:

Eric G eric at ...15503...
Tue Jan 29 20:57:39 EST 2013


On Tue, Jan 29, 2013 at 4:10 PM, waldo kitty <wkitty42 at ...14940...>
 wrote:

> On 1/29/2013 15:02, Jeff Jarmoc wrote:
> > Obfuscated redirect to
> hxxp://www.news.com.december.bestdrops.2012.fxsprime<dot>com
>
> yeah, i don't know what they are doing, either, but i've seen quite a few
> of
> these types of postings... they are easily recognized by their subject line
> containing only "Fwd:" and nothing else...
>
> i'm suspecting that they might be looking for specific connections to
> facilitate
> infectious processes... "they" are getting smarter and narrowing their
> targets
> which also assists them in avoiding researchers from determining what they
> are
> doing and how they are doing it :?
>
> > That site in turn gives a 302 to pinterest.  Weird that it doesn't seem
> to do
> > anything; maybe it's fingerprinting browsers?
>


I find it hilariously appropriate that a spam posting to a mailing list
results in analysis and discussion on the URL contained in said spam
message... guess that's what you get when you post spam to Snort-users  :0)


--
Eric
http://www.linkedin.com/in/ericgearhart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130129/3165ea1f/attachment.html>


More information about the Snort-users mailing list