[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] .cw.cm - another domain worth watching?
From: jonkman () emergingthreatspro ! com (Matthew Jonkman)
Date: 2011-04-28 15:56:57
Message-ID: 03CD325B-BE23-4A06-8A98-8A95954D1424 () emergingthreatspro ! com
[Download RAW message or body]
Posting, thanks Harry!
Matt
On Apr 26, 2011, at 6:08 PM, harry.tuttle wrote:
> Similar to .cz.cc, etc. You can plug '.cw.cm malware' into a search engine for lots \
> of examples and discussion. alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS \
> (msg:"ET CURRENT_EVENTS Suspicious HTTP Request to a *.cw.cm Domain"; \
> flow:established,to_server; content:".cw.cm|0d 0a|"; http_header; \
> classtype:bad-unknown; sid:; rev:1;)
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro \
> http://www.emergingthreatspro.com The ONLY place to get complete premium rulesets \
> for Snort 2.4.0 through Current!
----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic