Avast WEBforum

Business Products => Avast Business => Avast Business for Linux => Topic started by: polonus on March 08, 2013, 11:05:26 PM

Title: Checklist in case of regBot attack...
Post by: polonus on March 08, 2013, 11:05:26 PM: What to check if one suspects a regBot attack going on -> http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html
I get a firekeeper alert here, but why?
Quote
=== Triggered rule ===
alert (msg:"The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information"; url_content:"http://web.archive.org/"; reference:url,www.malwarepatrol.net; fid:367737; rev:20130308215849;)

=== Request URL ===
http://mirror.toolbar.netcraft.com/check_url/v2/http://web.archive.org/3488735934/info

Also check http://www.botscout.com/ipcheck.htm?ip=

polonus

SMF 2.0.18 | SMF © 2015, Simple Machines