Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Packet Hack <pckthck-Re5JQEeQqe8AvxtiuMwx3w <at> public.gmane.org>
Subject: More Malvertising/Exploits in *.cc
Newsgroups: gmane.comp.security.ids.snort.emerging-sigs
Date: Saturday 19th February 2011 23:21:29 UTC (over 6 years ago)
[TL;DR - 3 sigs at the bottom. Apologies for the ugliness of this post.
I wrapped some of the payloads to make it easier to read, hopefully]

Seeing hits like so, mostly in *.cc, though that may change:

Eleonore:

--------------------------------------------------
   HTTP/1.1 200 OK
   Set-Cookie: SL_2_0000=_8_; domain=afroprivacyflash.com; path=/;
expires=Sun, 20-Feb-2011 07:56:58 GMT
   Content-Type: text/html
   Transfer-Encoding: chunked
   Date: Sat, 19 Feb 2011 07:56:58 GMT
   Server: lighttpd/1.4.26

   3c0
   
   
   
   http://afroprivacyflash.com/in.cgi?23&ab_iframe=0&ab_badtraffic=0&
   ab_trash=1&antibot_hash=bot'">