Avast WEBforum
Business Products => Avast Business => Avast Business for Linux => Topic started by: polonus on March 08, 2013, 11:05:26 PM
-
What to check if one suspects a regBot attack going on -> http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html
I get a firekeeper alert here, but why?
=== Triggered rule ===
alert (msg:"The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information"; url_content:"http://web.archive.org/"; reference:url,www.malwarepatrol.net; fid:367737; rev:20130308215849;)
=== Request URL ===
http://mirror.toolbar.netcraft.com/check_url/v2/http://web.archive.org/3488735934/info
Also check http://www.botscout.com/ipcheck.htm?ip=
polonus