
List:       emerging-sigs
Subject:    [Emerging-Sigs] FPs on ET TROJAN Trojan.StartPage activity 2011228
From:       skysbsb () gmail ! com (David Guimaraes)
Date:       2010-07-31 17:09:50
Message-ID: AANLkTi=ig8zSG-9atLBd8LXvQNhq_2Dzkrg8R02A0q0t () mail ! gmail ! com

On Fri, Jul 30, 2010 at 11:32 AM, Korodev <korodev at gmail.com> wrote:
> On Wed, Jul 21, 2010 at 4:29 PM, Matt Jonkman <jonkman at jonkmans.com> wrote:
> > If there's consensus that it's safe I'd be happy to drop it, but the
> > google safebrowsing report is pretty damning...
> 
> I'm definitely seeing some questionable stuff on this sig. Did we
> reach any sort of general consensus? Here's some of the stuff I'm
> seeing across the board.
> 

Yes, me too. I found this on one of our sensors:

ET TROJAN Trojan.StartPage activity    2010-07-30 09:31:12    xxx:1225    219.232.243.3:80    TCP
ET TROJAN Trojan.StartPage activity    2010-07-30 09:30:57    xxx:1216    219.232.243.3:80    TCP

GET /stat.htm?id=1685549&r=http%3A//www.brothersoft.com/games/tom-clancy-s-splinter-cell-for-gba-download.html&lg=undefined&ntime=0.99456200%201280492009&repeatip=1&rtime=0&cnzz_eid=29865148-1280492009-http%3A//www.brothersoft.com/games/tom-clancy-s-splinter-cell-for-&showp=1024x768&st=14&sin=http%3A//www.brothersoft.com/games/tom-clancy-s-splinter-cell-for-gba-download.html&res=0 HTTP/1.1
Host: zvs1.cnzz.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://in.ko.koramgame.com/template/new-fdj/?u=102137&u2=bs06

-- 
David Gomes Guimarães
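An added example, not code from this thread or from the Emerging Threats ruleset: a small Python triage helper that parses the request David posted (re-joined onto one line and embedded below as a constructed sample), pulls out the Host, path, decoded query parameters and Referer, and labels the request as a web-analytics beacon when Host is under cnzz.com and the path is /stat.htm. That domain/path pairing is an assumption drawn from this one sample (only zvs1.cnzz.com appears on the page), so treat the table as a starting point for your own false-positive review rather than a verdict on the signature. It also returns the page URLs the beacon carries in r= and sin= next to the Referer header, so the analyst can compare what the beacon reports against where the browser says it came from.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the request from this thread, headers joined onto single lines.
SAMPLE_REQUEST = (
    "GET /stat.htm?id=1685549"
    "&r=http%3A//www.brothersoft.com/games/tom-clancy-s-splinter-cell-for-gba-download.html"
    "&lg=undefined&ntime=0.99456200%201280492009&repeatip=1&rtime=0"
    "&cnzz_eid=29865148-1280492009-http%3A//www.brothersoft.com/games/tom-clancy-s-splinter-cell-for-"
    "&showp=1024x768&st=14"
    "&sin=http%3A//www.brothersoft.com/games/tom-clancy-s-splinter-cell-for-gba-download.html"
    "&res=0 HTTP/1.1\r\n"
    "Host: zvs1.cnzz.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.8) "
    "Gecko/20100722 Firefox/3.6.8\r\n"
    "Accept: image/png,image/*;q=0.8,*/*;q=0.5\r\n"
    "Referer: http://in.ko.koramgame.com/template/new-fdj/?u=102137&u2=bs06\r\n"
    "\r\n"
)

# Assumption (not stated in the thread): beacon endpoints treated as analytics traffic
# for triage. Only zvs1.cnzz.com/stat.htm is attested by the posted request.
ANALYTICS_BEACONS = {
    "cnzz.com": "/stat.htm",
}


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, decoded query and headers."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    return {
        "method": method,
        "path": parts.path,
        # parse_qs percent-decodes values, so r= and sin= come back as plain URLs
        "query": parse_qs(parts.query, keep_blank_values=True),
        "host": headers.get("host", ""),
        "referer": headers.get("referer", ""),
        "headers": headers,
    }


def classify(req):
    """Label the request as an analytics beacon when host+path match the table above."""
    host = req["host"].lower()
    for domain, path in ANALYTICS_BEACONS.items():
        if (host == domain or host.endswith("." + domain)) and req["path"] == path:
            return "analytics-beacon"
    return "unknown"


def page_urls(req):
    """Pages the beacon claims to report on (r=, sin=) alongside the browser's Referer."""
    q = req["query"]
    return {
        "r": q.get("r", [""])[0],
        "sin": q.get("sin", [""])[0],
        "referer": req["referer"],
    }


def triage(raw):
    """One-call summary an analyst can eyeball when reviewing an alert like 2011228."""
    req = parse_request(raw)
    summary = {"verdict": classify(req), "host": req["host"], "path": req["path"]}
    summary.update(page_urls(req))
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REQUEST).items():
        print(f"{key:8} {value}")
```

Run it on the raw request body captured by the sensor; a request that does not match the beacon table comes back as "unknown" and still gets the r=/sin=/Referer comparison, so unmatched hosts are not silently dropped from review.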

