|
Written by Matt Jonkman
|
|
Friday, 01 February 2008 |
|
The changes over to the new naming scheme for the rules is complete. All signatures are now named in the convention "ET CATEGORY Description".
If you notice any that don't folow the norm please let me know, I thought I caught all the stragglers in this update.
Matt |
|
Last Updated ( Sunday, 03 February 2008 )
|
|
|
Written by Matt Jonkman
|
|
Saturday, 26 January 2008 |
|
www.theinstalls.net
Used to be that the spyware crud would install a bunch of different packages that the author had become an affiliate for. Well, service has moved to a new level. theinstalls.net appears to handle all that for you. Just install their crap and they'll serve all the other affiliate program binaries. One stop fraud!
And you get a 100 dollar bonus after your first 10k US installs. Can't beat that!
Sigs out for it.
|
|
Last Updated ( Sunday, 03 February 2008 )
|
|
Read more...
|
|
|
Written by Matt Jonkman
|
|
Friday, 25 January 2008 |
|
New sigs from Jim Mcquaid and Jart Armin. Intended to catch dns lookups for fast flux DNS domains. If you're not familiar, many botnets are using what we call fast flux to keep their domain names moving and thus harder to shutdown. They'll have a ttl less than 60 seconds, and do very frequent automated dns server changes with their registrar. If you get a lookup for a hostile domain there's a very good chance the source is infected or trying to download infecting code. These are experimental for now, please give feedback to the emerging-sigs list. ***Update*** Lots of falses, revisiting the issue, will post new sigs shortly *** Update 2 *** Had to abandon the idea. Google and others use the same methods as fast flux. |
|
Last Updated ( Friday, 25 January 2008 )
|
|
|
|
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
|
| Results 29 - 32 of 48 |
