# Purpose: flag an outbound HTTP GET for a root-level "/2.jpg", which the msg
# and the referenced SANS ISC diary entry (2004-08-09) attribute to a Bagle variant.
#
# Status: the rule line below starts with "#", so it is commented out and will
# not load as written.
#
# How it matches:
#   - Header: TCP from $HOME_NET (any port) to $EXTERNAL_NET on $HTTP_PORTS,
#     i.e. internal clients talking to external web servers.
#   - content:"2.jpg"; nocase;  case-insensitive literal that must be present.
#   - pcre: "GET " followed directly by "/2.jpg" (origin-form request), or
#     "GET http://host/2.jpg" / "GET https://host/2.jpg" (absolute-form, as sent
#     to a proxy), case-insensitive. The host part only allows [-0-9a-z.], so an
#     absolute URI that carries an explicit ":port" does not match.
#   - The pattern has no anchor after "2.jpg", so "/2.jpg?x" or "/2.jpgfoo"
#     also match.
#   - No HTTP buffer modifiers are used on content or pcre, so both are
#     evaluated against the raw payload rather than a normalized URI.
#
# NOTE(review): flow:established carries no direction keyword; the request
# direction is implied only by the $HOME_NET -> $EXTERNAL_NET header. Adding
# to_server would make the intent explicit -- confirm before changing.
# NOTE(review): any benign site that serves an image at "/2.jpg" satisfies this
# signature, so expect false positives; treat a hit as a lead to correlate with
# host or mail telemetry, not as confirmation. Presumably this is why the rule
# ships disabled -- confirm against the ruleset changelog.
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE VIRUS Bagle Variant Requesting 2.jpg"; reference:url,isc.sans.org/diary.php?date=2004-08-09; content:"2.jpg"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/2\.jpg/i"; flow:established; classtype:trojan-activity; sid:2001061; rev:11;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
Copyright © Emerging Threats