
List:       emerging-sigs
Subject:    Re: [Emerging-Sigs] High false positive rate ET TROJAN Kazy/Kryptor/Cycbot Checkin 3
From:       matt <sendtomatt () gmail ! com>
Date:       2012-12-19 21:35:47
Message-ID: 50D23333.80301 () gmail ! com

On 12/19/12 12:57, Matt Jonkman wrote:
> Dang, ya. With the cgi in there it will false.
>
> We have many issues with the whole family of those sigs. Kazy does decoy
> checking, same request and uri, to legit sites as well as its cnc. Tens to
> hundreds per infection.
>
> I'll kill this sig, we need a better way. We'll dig into it.
>
> Thanks Matt!
>
> Matt
>
>
Thank you for the excellent work, ET is awesome.

Matt