|
Written by Matt Jonkman
|
|
Wednesday, 14 May 2008 |
|
New Command and Control Channel found. Seen several samples doing this, usually on ports between 81 and 90. Reference here: http://doc.emergingthreats.net/bin/view/Main/Win32Looked The client sends a 6 byte packet containing usually "#108/!", several tims often. The server eventually responds with another 6 bytes like "#109/!". Signatures 2008219 and 2008220 will catch these well. Matt
|
