Hi all,

we are looking for examples of the PDFs being sent out, snort signatures, the IP addresses sending them out, the IP addresses they download malware from, and examples of the malware.

Please upload here: http://isc.sans.org/contact.html

Cheers,
Adrien de Beaupré
Bell Canada

UPDATE:  Thanks all for the examples for the pdf's.  Please be sure and submit some IP addresses for the controllers, if you have anymore.   I've been told that Snort rules have been created by Sourcefire's VRT team.  They are subscription only.

Joel Esler

http://handlers.sans.org/jesler