File uploaded by nshanks on Oct 7, 2010. Last modified by nshanks on Oct 7, 2010.
Version 2

SEO with URL pattern uses a unique filter, designed from research into crimeware packages, that matches common URL patterns against known redirects. The rule starts by observing users running Yahoo, Google, and Bing searches, then waits for them to click on a potentially malicious redirect link (one in the provided filter or your own). It then correlates the two base events and presents them to the analyst. This makes it easier to determine “what” they searched for and “where” they were redirected, without having to pull any historical data.  - N
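
The correlation described above, sketched in Python as an added example (not the rule's own content). The redirect patterns, the 300-second window, the per-source matching and the sample proxy events are all constructed assumptions, since the rule's actual filter is not reproduced on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Search engines and the query-string parameter that carries the search terms.
SEARCH_PARAM = {"google.com": "q", "bing.com": "q", "search.yahoo.com": "p"}
# Constructed placeholder patterns; substitute the rule's filter or your own.
REDIRECT_FILTER = [re.compile(p) for p in (r"/go\.php\?", r"/redirect\.php\?url=")]
WINDOW_SECONDS = 300  # assumed correlation window

def search_terms(url):
    """Return the search terms if url is a search on a known engine, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for domain, param in SEARCH_PARAM.items():
        if host == domain or host.endswith("." + domain):
            values = parse_qs(parts.query).get(param)
            return values[0] if values else None
    return None

def correlate(events):
    """events: iterable of (epoch_seconds, source, url), in time order.
    Returns (source, search terms, redirect URL) for each correlated pair."""
    last_search = {}  # source -> (time, terms) of the most recent search
    hits = []
    for ts, src, url in events:
        terms = search_terms(url)
        if terms is not None:          # base event 1: a search
            last_search[src] = (ts, terms)
            continue
        if src in last_search and any(p.search(url) for p in REDIRECT_FILTER):
            t0, what = last_search[src]
            if ts - t0 <= WINDOW_SECONDS:  # base event 2: redirect soon after
                hits.append((src, what, url))
    return hits

# Constructed sample proxy events (documentation addresses and example domains).
SAMPLE = [
    (1000, "192.0.2.10", "http://www.google.com/search?q=free+screensavers"),
    (1012, "192.0.2.10", "http://site.example/go.php?id=7"),
    (1020, "192.0.2.11", "http://other.example/go.php?id=9"),        # no prior search
    (2000, "192.0.2.12", "http://search.yahoo.com/search?p=tax+forms"),
    (2900, "192.0.2.12", "http://site.example/redirect.php?url=x"),  # outside window
    (3000, "192.0.2.13", "http://www.bing.com/search?q=lyrics"),
    (3005, "192.0.2.13", "http://news.example/story.html"),          # no pattern match
]

if __name__ == "__main__":
    for src, what, where in correlate(SAMPLE):
        print(f"{src} searched {what!r} -> redirected to {where}")
```

Only the first source produces a correlated pair; the other three show the cases the correlation is meant to drop (no preceding search, redirect outside the window, and a click that matches no pattern).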