Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: IDS Trolling - Anything new? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IDS Trolling - Anything new?

One of our supporters, Jags, saw an old alert on their Cisco IDS appear in their logs today.  The specific signature is being classified by the IDS as Opachki, a dated link hijacking program.  Bojan Zdrnja wrote an excellent diary on this malware in November 2009.  Not much we don't already know about this malware, so on a rainy Saturday I thought I would put it to the readers: Anybody else seeing new Opachki alerts?  If so, we'd love to hear!  Maybe something new appears...

And as always, we are always listening for something new here at ISC, so we'd love to hear if it's new and not Opachki.

tony d0t carothers


150 Posts
ISC Handler
Jun 2nd 2012

Sign Up for Free or Log In to start participating in the conversation!