
List:       bleeding-sigs
Subject:    Re: [Bleeding-sigs] baidu.com and bleeding spyware rules
From:       Matt Jonkman <jonkman () bleedingthreats ! net>
Date:       2007-09-21 13:56:02
Message-ID: 46F3CD72.2050000 () bleedingthreats ! net

At the time of writing those sigs, the sobar and such were pulling data
from, and even the install files from baidu.com. Configs were being
updated from there, data being posted there, etc.

I have not looked into it in likely a year or more. If you can share
some of the hits you have, maybe we can separate them from baidu to
other companies. I don't have any recent direct evidence baidu is
responsible for the spyware.

matt

Russell Fulton wrote:
> Hi Folks
> 
> We use the bleeding malware rules to detect spyware infected hosts on
> campus.  We are seeing many hits on rules relating to baidu.com.  
> 
> Baidu.com is a very widely used site in the Chinese community -- some
> describe it as the "Chinese equivalent of Google" so I have commented
> out these sigs for the moment because they are burying other more
> important alerts.
> 
> Clearly visiting Baidu results in many gets (and some posts) to third
> party sites but are these actually anything more than pulling ads?
> 
> I guess my real question is does anyone have any hard evidence as to
> exactly what the threat is that these sigs purport to address?
> 
> If not I would suggest that the rules be deprecated.
> 
> Russell.
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc

