ET TROJAN Brontok User-Agent Detected (Brontok.A3 Browser)

I am seeing a lot of this alert here. So here is a payload. I don't know if it is good to show the source IP, so I put an 'X' to hide it. All alerts have the same destination IP, 66.218.77.68.

comprimento = 260

GET /sbllro2/IN12ORURZROX.txt HTTP/1.0..
User-Agent: Brontok.A12 Browser..
Host: www.geocities.com..
Pragma: no-cache..
Via: 1.0 xxxxxxxxxx:3131 (squid/2.5.STABLE13-20060315)..
X-Forwarded-For: X.X.X.X..
Cache-Control: max-age=259200..
Connection: keep-alive

-- PedroMarinho - 20 Jun 2008
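
An added triage example, not part of the original comment or of the Emerging Threats rule: the capture above passed through a Squid proxy, so a sensor placed upstream of that proxy sees the proxy as the packet source, and the affected workstation is the address in X-Forwarded-For. The sketch assumes the trailing ".." on each captured line stands for CRLF; the proxy name, the addresses and the function names are constructed placeholders.

```python
import re

# Family User-Agent with any variant tag (A3 in the alert name, A12 in the capture).
BRONTOK_UA = re.compile(r"^Brontok\.[A-Za-z0-9]+ Browser$")

# Constructed sample modelled on the payload above; proxy name and client IP are placeholders.
SAMPLE = (
    b"GET /sbllro2/IN12ORURZROX.txt HTTP/1.0\r\n"
    b"User-Agent: Brontok.A12 Browser\r\n"
    b"Host: www.geocities.com\r\n"
    b"Pragma: no-cache\r\n"
    b"Via: 1.0 proxy.example:3131 (squid/2.5.STABLE13-20060315)\r\n"
    b"X-Forwarded-For: 192.0.2.10\r\n"
    b"Cache-Control: max-age=259200\r\n"
    b"Connection: keep-alive\r\n\r\n"
)

def parse_request(raw):
    """Split a raw HTTP request into (request_line, {lowercased header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def triage(raw, packet_src):
    """Return None if the UA does not match, else a dict naming the likely infected host."""
    request_line, headers = parse_request(raw)
    if not BRONTOK_UA.match(headers.get("user-agent", "")):
        return None
    proxied = "via" in headers
    xff = headers.get("x-forwarded-for", "")
    # Trust X-Forwarded-For only when your own proxy added it; left-most entry is the client.
    client = xff.split(",")[0].strip() if proxied and xff else packet_src
    parts = request_line.split(" ")
    return {
        "client": client,
        "via_proxy": proxied,
        "host": headers.get("host", ""),
        "path": parts[1] if len(parts) > 1 else "",
        "user_agent": headers["user-agent"],
    }

if __name__ == "__main__":
    print(triage(SAMPLE, packet_src="198.51.100.5"))
```

Correlating the returned client address with the proxy's own access log for the same timestamp confirms which internal host issued the request.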

Topic revision: r2 - 2008-06-20 - MattJonkman
 