polonus
Checklist in case of regBot attack...
« on: March 08, 2013, 11:05:26 PM »
What to check if one suspects a regBot attack going on -> http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html
I get a Firekeeper alert here, but why?
Quote
=== Triggered rule ===
alert (msg:"The address you tried to access points to a Malware. Please visit http://www.malwarepatrol.net for more information"; url_content:"http://web.archive.org/"; reference:url,www.malwarepatrol.net; fid:367737; rev:20130308215849;)

=== Request URL ===
http://mirror.toolbar.netcraft.com/check_url/v2/http://web.archive.org/3488735934/info

Also check http://www.botscout.com/ipcheck.htm?ip=

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!