June 24, 2009

Forensic Analysis of ET Malware VPP Technologies Spyware

Filed under: Incident Response — Tim Lefler @ 9:32 am

Forensic Analysis of:
Snort alert “ET Malware VPP Technologies Spyware” fired 6/23/2009 11:17:30 AM

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE VPP Technologies Spyware"; flow:established,to_server; uricontent:"/DittoIA.jsh?pid="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002348; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_VPPTechnologies; sid:2002348; rev:3;)

http://doc.emergingthreats.net/bin/view/Main/2002348

The Snort rule fired while the host attempted to GET a jsp page from a72-246-30-33.deploy.akamaitechnologies.com (72.246.30.33).
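To show what the rule above actually tests, here is an added Python re-implementation (not from the original post or the Emerging Threats rule set) of its uricontent/nocase/port check, run over a constructed set of outbound request records. It assumes $HTTP_PORTS is 80 and 8080 and, unlike Snort, matches the raw URI rather than a normalized one.

```python
# The rule as quoted on the page, with straight quotes.
RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ('
    'msg:"ET MALWARE VPP Technologies Spyware"; flow:established,to_server; '
    'uricontent:"/DittoIA.jsh?pid="; nocase; classtype:trojan-activity; '
    'reference:url,doc.emergingthreats.net/bin/view/Main/2002348; '
    'sid:2002348; rev:3;)'
)

# Assumption: a typical $HTTP_PORTS variable definition.
HTTP_PORTS = {80, 8080}


def parse_rule(rule: str) -> dict:
    """Split the parenthesised option body of a Snort rule into a keyword -> value map.
    Flag-style options such as 'nocase' get an empty value."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts = {}
    for opt in body.split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return opts


def matches(opts: dict, uri: str, dst_port: int) -> bool:
    """Apply the uricontent test (case-insensitive when 'nocase' is set) to one
    outbound request. Records are assumed to be client-to-server HTTP requests,
    which is what flow:established,to_server selects."""
    if dst_port not in HTTP_PORTS:
        return False
    needle, hay = opts["uricontent"], uri
    if "nocase" in opts:
        needle, hay = needle.lower(), hay.lower()
    return needle in hay


# Constructed sample of outbound requests (method, URI, destination port).
SAMPLE = [
    ("GET", "/DittoIA.jsh?pid=1234&ver=5", 80),   # exact-case hit
    ("GET", "/dittoia.jsh?PID=99", 8080),          # hit only because of nocase
    ("GET", "/index.html", 80),                    # benign
    ("GET", "/DittoIA.jsh?pid=7", 443),            # not an $HTTP_PORTS port
]


def scan(records=SAMPLE):
    """Return (sid, uri) for every record the rule would alert on."""
    opts = parse_rule(RULE)
    return [(opts["sid"], uri) for _, uri, port in records if matches(opts, uri, port)]
```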

“Coupon Printer for Windows” was found installed on the computer.
