Snort mailing list archives
likely FPs Web-Client .... dll-load exploit attempt
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Mon, 18 Apr 2011 11:05:26 +1200
SID CID Timestamp Signature IP Src IP Dst Proto Length
10 78025871 2011-04-18 09:53:08 WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 185
10 78025872 2011-04-18 09:53:08 WEB-CLIENT Acrobat Reader IE plugin ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 185
10 78025881 2011-04-18 09:53:18 WEB-CLIENT Firefox Acrobat Reader agm.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 179
10 78025882 2011-04-18 09:53:18 WEB-CLIENT Acrobat Reader IE plugin agm.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 179
10 78025908 2011-04-18 09:54:32 WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 179
10 78025909 2011-04-18 09:54:32 WEB-CLIENT Acrobat Reader IE plugin ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 179
10 78025915 2011-04-18 09:54:45 WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 172
10 78025916 2011-04-18 09:54:45 WEB-CLIENT Acrobat Reader IE plugin ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 172
10 78025917 2011-04-18 09:54:46 WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 196
10 78025918 2011-04-18 09:54:46 WEB-CLIENT Acrobat Reader IE plugin ace.dll dll-load exploit attempt 130.216.25.112 ee5112cp.ece.auckland.ac.nz 119.31.248.196 None 6 196

sample capture:

GET /files/pluginhost/2.0.0.11032_12/External/DeviceModules/DCInterface.dll.cab HTTP/1.1
User-Agent: SAMSUNG_KIES
Host: msupdate.emodio.com

googling msupdate.emodio.com suggests that this is a legit site related to Samsung Kies...
Current thread:
- likely FPs Web-Client .... dll-load exploit attempt Russell Fulton (Apr 17)
- Re: likely FPs Web-Client .... dll-load exploit attempt Joel Esler (Apr 17)
- Re: likely FPs Web-Client .... dll-load exploit attempt Patrick Mullen (Apr 18)