Snort mailing list archives
Re: What the heck is this...
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Thu, 12 May 2011 12:05:03 -0400
Quick inspection of this is it's just an inlined gif image, nothing malicious.

<img .... src=data:image/gif;base64 ... "

Rest of the data is then base64 encoded. Decoding base64 and inspecting the image doesn't show anything that is out of the ordinary.

Ran it through http://www.urlvoid.com/ , just for fun. http://www.urlvoid.com/scan/f.uxlj.no12u.bz returns Clean.

Cheers,
-matt

On Thu, May 12, 2011 at 10:59 AM, Lay, James <james.lay () wincofoods com> wrote:
> Hey again all!
>
> So….hope this is an ok avenue for this. Just got this:
>
> http://f.uxlj.no12u.bz/oxt.html
>
> It’s gone now, but I have a copy (thank heaven for FPC :)). Looks like html+base64+script? Zipped so as not to fire off anything….please let me know if there’s a better place to discuss/submit this kind of thing. Snort didn’t fire on it however.
>
> James
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/
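
The triage step described in the reply above (decode the base64 `data:` URI and confirm it really is an image), as an added example that is not part of the original thread. The function name, verdict labels and sample HTML are constructed for illustration, and the regex assumes the base64 payload is not line-wrapped.

```python
import base64
import binascii
import re

# Magic bytes for image types commonly embedded as data: URIs.
MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Matches data:<mime>;base64,<payload>; stops at quotes or whitespace.
DATA_URI = re.compile(
    r"data:(?P<mime>[\w.+-]+/[\w.+-]+);base64,(?P<b64>[A-Za-z0-9+/=]+)",
    re.IGNORECASE,
)

# Constructed sample: a real 1x1 GIF, then plain text labelled as a GIF.
SAMPLE_HTML = (
    '<img src="data:image/gif;base64,'
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">'
    '<img src="data:image/gif;base64,bm90IGFuIGltYWdl">'
)

def triage_data_uris(html):
    """Return one finding per base64 data: URI found in html."""
    findings = []
    for m in DATA_URI.finditer(html):
        mime = m.group("mime").lower()
        try:
            raw = base64.b64decode(m.group("b64"), validate=True)
        except (binascii.Error, ValueError):
            findings.append({"mime": mime, "size": 0, "verdict": "bad-base64"})
            continue
        magics = MAGIC.get(mime)
        if magics is None:
            verdict = "unknown-type"       # declared type has no signature here
        elif not raw.startswith(magics):
            verdict = "magic-mismatch"     # content is not what the URI claims
        elif mime == "image/gif" and not raw.endswith(b"\x3b"):
            verdict = "gif-no-trailer"     # weak hint of truncated/appended data
        else:
            verdict = "magic-ok"
        findings.append({"mime": mime, "size": len(raw), "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in triage_data_uris(SAMPLE_HTML):
        print(finding)
```

A `magic-ok` verdict only says the payload starts like the declared image type; it still needs to be opened and inspected, as was done in the reply.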
Current thread:
- What the heck is this... Lay, James (May 12)
- Re: What the heck is this... Joel Esler (May 12)
- Re: What the heck is this... Lay, James (May 12)
- Re: What the heck is this... Matt Watchinski (May 12)
- Re: What the heck is this... Lay, James (May 12)
- Re: What the heck is this... Joel Esler (May 12)