[prev in list] [next in list] [prev in thread] [next in thread]
List: bleeding-sigs
Subject: [Bleeding-sigs] Phishing Rule
From: Matt Jonkman <jonkman () bleedingthreats ! net>
Date: 2007-09-23 22:52:27
Message-ID: 46F6EE2B.4030002 () bleedingthreats ! net
[Download RAW message or body]
A good friend of Bleeding Threats, John LaCour at Markmonitor, has found
and is trying to track a significant phishing server. The following rule
is intended to help him gather info:
alert tcp $HOME_NET any -> 209.160.73.12 $HTTP_PORTS (msg:"BLEEDING-EDGE
CURRENT_EVENTS Traffic to Phishing Master Server -- Please report hits
to phishevent@bleedingthreats.net"; flow:established;
reference:url,doc.bleedingthreats.net/2007619; sid:2007619; rev:1;)
If you get hits on it please report them to the email address included.
If you need to keep the submission anonymous please report to me first,
or via an anonymous email, etc.
Thanks
Matt
--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------
PGP: http://www.bleedingthreats.com/mattjonkman.asc
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic