Forgot to mention, make sure you've changed your subscription for info
about Emerging Threats. Discussion for the project is now at Emerging-sigs:
http://lists.emergingthreats.net/mailman/listinfo/

Stuff here is not being acted upon generally, unless someone forwards it
over to me, but then it's only added to the emerging sets. Things here
at bleeding threats are not being maintained or acted upon.

Thanks
Matt

Matt Jonkman wrote:
> Thanks for pointing that out, Jeremy. And nice writeup!
>
> New sigs posted.
>
> matt
>
> Jeremy wrote:
>> Looks like the Storm worm authors have decided April Fools is over and
>> moved back to "with love".
>>
>> There are now two binaries being hosted out:
>> withlove.exe
>> love.exe
>>
>> We might want to modify the Current Event Signatures to reflect these
>> new binary names. Also only 2/32 Anti virus applications identified
>> the binary as suspicious. Here is a link to the Virus Total results:
>> http://www.virustotal.com/analisis/3820b4c68ca857794f2cc46ebb9ffc4b
>>
>> I did an initial write up on it if you're interested here:
>> http://www.sudosecure.net/
>> you'll also find a peer list with 907 IPs
>> I was able to extract from the config file.
>> --jeremy
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Bleeding-sigs mailing list
>> Bleeding-sigs bleedingthreats.net
>> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc