[prev in list] [next in list] [prev in thread] [next in thread]
List: bleeding-sigs
Subject: [Bleeding-sigs] FP on 2007641 (Storm TCP)
From: Niklas Schiffler <nick () nightlabs ! de>
Date: 2007-10-16 13:24:06
Message-ID: 4714BB76.5070707 () nightlabs ! de
[Download RAW message or body]
Hi,
I'm getting false positives on the Storm controller TCP response sig
caused by the socket transport protocol of JBoss 4.x remote invocation:
[1:2007641:1] BLEEDING-EDGE TROJAN Storm Controller Response to Drone via tcp [**] \
[Classification: A Network Trojan was detected] [Priority: 1] {TCP} 80.72.x.x:4446 -> \
192.168.x.x:46724 [1:2007641:1] BLEEDING-EDGE TROJAN Storm Controller Response to \
Drone via tcp [**] [Classification: A Network Trojan was detected] [Priority: 1] \
{TCP} 80.72.x.x:4446 -> 192.168.x.x:46725
nick..
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic