Snort mailing list archives

Re: MALWARE-CNC Win.Trojan.Bedep variant outbound connection (1:33188)


From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Tue, 19 Jan 2016 16:41:53 -0500

Hi Elliot,

  This is one of many rules that are used to help detect Bedep. We know it
can be loud if you are a regular visitor to that site, which is why we have
placed it in the "indicator-compromise" category, for rules that might not
alert on malicious traffic but that are usually present when other
suspicious/malicious traffic is present. Enabling this rule can help find
other unknown variants, but it does have the drawback of having to check more
events. As Joel suggested, please take a look at other sids if you do not
want to deal with these events.

Thanks

Alex McDonnell
TALOS
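
As an added example (not part of the original message, the thread, or the Talos rule set), here is how a Snort 2.x deployment could keep sid 1:33188 enabled while cutting down the event volume described above: rate-limit the alert per source host, or suppress it for a host whose visits to the site are known to be legitimate. The IP address and the count/seconds values are illustrative placeholders, and the rule content itself is not reproduced here.

```conf
# Added example: tuning a noisy indicator-compromise rule such as 1:33188.
# Snort 2.x syntax for threshold.conf (or the event_filter/suppress section
# of snort.conf). Addresses and counts are illustrative placeholders.

# Option 1: keep the rule active, but log at most one event per source
# host per hour. The rule still fires, so it remains available for
# correlation with the other Bedep sids; only the repeat events are dropped.
event_filter gen_id 1, sig_id 33188, type limit, track by_src, count 1, seconds 3600

# Option 2: silence the rule only for a specific internal host whose
# traffic to the site has been reviewed and is known to be benign.
# 192.0.2.10 is an RFC 5737 documentation address used as a placeholder.
suppress gen_id 1, sig_id 33188, track by_src, ip 192.0.2.10

# Option 3 (separate file, pulledpork disablesid.conf, not threshold.conf):
# disable the sid entirely if you would rather rely on the other Bedep
# rules the thread refers to. One gid:sid pair per line.
# 1:33188
```

Prefer option 1 or 2 over disabling: an event_filter of type limit keeps the first event in each interval, so the rule still shows up alongside other Bedep detections when a real infection is present, while a suppress entry is scoped to the one host that generates the benign traffic. After changing threshold.conf, reload or restart Snort and confirm with a known-good visit to the site that only the expected number of events is logged.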
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!