Possible combined exploits of MS vulnerabilities
It has been a very quiet day, but we are hearing rumors of possible "super" exploits that may target several of the vulnerabilities announced by Microsoft on Tuesday. We've been contacted by an individual who have have been infected such an exploit, but investigation of this is still underway.
Increase in port 1981 activity
There has been an increase in scanning activity targetting port 1981 (possibly Bowl or Shockrave trojan activity, perhaps not) over the last 10 days or so. If anyone has captured any of this activity, we'd like to see the captures.
Yet another signature for sslbomb
We have yet another signature for the sslbomb exploit, some of the earlier ones have been prone to a fair amount of false positives. We'd be interested in how well any of these signatures are working.
Jim Clausing, handler on dutyI will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019
Apr 18th 2004
1 decade ago