One of our supporters, Jags, saw an old alert on their Cisco IDS appear in their logs today. The specific signature is being classified by the IDS as Opachki, a dated link-hijacking program. Bojan Zdrnja wrote an excellent diary on this malware in November 2009. Not much we don't already know about this malware, so on a rainy Saturday I thought I would put it to the readers: Anybody else seeing new Opachki alerts? If so, we'd love to hear! Maybe something new appears...
And as always, we are listening for something new here at ISC, so we'd love to hear if it's new and not Opachki.
tony d0t carothers
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.