alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE WORM MyDoom?.P Query"; flow: to_server,established; content:"/py/psSearch.py|3f|"; nocase; content:"Host|3a| EMAIL.PEOPLE.YAHOO.COM"; classtype: trojan-activity; reference:url,www.sarc.com/avcenter/venc/data/w32.mydoom.p@mm.html; sid: 2001045; rev:9; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats