alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE VIRUS W32.Beagle.CE@mm Infection Outbound web.php"; flow:to_server,established; uricontent:"/web.php"; threshold: type threshold, count 5, seconds 60, track by_src; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ce@mm.html; classtype: trojan-activity; sid:2002180; rev:2;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats