# Disabled as published: the rule line below is commented out, so it is not loaded
# until the leading '#' is removed.
#
# What it matches: an established, client-to-server TCP session from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS whose URI contains "/scr2/command.php?IP=" and
# "Port1=", and whose payload contains "Host: www.blahot.com" (every match is
# case-insensitive via nocase).
#
# Triage: the msg and classtype (trojan-activity) describe an already-infected
# host reporting in, so the host to investigate is the internal source address of
# the alert; the destination is the reporting server.
#
# NOTE(review): the Host check is a plain `content` match that requires exactly
# one space after the colon and the "www." prefix; a request with different
# header whitespace, or a Host of "blahot.com" without "www.", would not alert.
# Confirm whether that gap is acceptable.
# NOTE(review): only destination ports in $HTTP_PORTS are inspected, so the same
# request sent to a port outside that variable would not alert.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com)"; flow: to_server,established; uricontent:"/scr2/command.php?IP="; nocase; uricontent:"Port1="; nocase; content:"Host\: www.blahot.com"; nocase; classtype: trojan-activity; reference:url,www.vitalsecurity.org/2005/01/malware-spam.html; reference:url,www.blahot.com; sid: 2001671; rev:7; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 