-
May 23rd, 2006, 03:57 AM
#1
Spyware hitting my web servers?
Does anyone know why I would be seeing lots of snort alerts for spyware hitting my web servers? Doesn't make any sense to me.
See examples: (x.x.x.x = Internet addr; y.y.y.y = internal web server)
Apr 13 00:09:58 internet-ids snort: [1:2001855:12] BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (1) [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} x.x.x.x:2647 -> y.y.y.y:80
Apr 13 00:14:35 internet-ids snort: [1:2001043:7] BLEEDING-EDGE Malware Fun Web Products MyWay Agent Traffic [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} x.x.x.x:60773 -> y.y.y.y:80
Apr 13 00:14:35 internet-ids snort: [1:2001855:12] BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (1) [Classification: A Network Trojan was detected] [Priority: 1]: {TCP} x.x.x.x:60773 -> y.y.y.y:80
Apr 13 00:14:43 internet-ids snort: [1:2001034:13] BLEEDING-EDGE Malware Fun Web Products Agent Traffic [Classification: Potential Corporate Privacy Violation] [Priority: 1]: {TCP} x.x.x.x:50074 -> y.y.y.y:80
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|