# Purpose: alert on an established, client-to-server TCP session from $HOME_NET
# to $EXTERNAL_NET destination port 34330 whose payload matches the layout the
# rule author associates with a Myfip upload of a .dwt file (see reference URL).
#
# Payload checks, evaluated in order:
#   1. content:"|00 00 00 00|"; depth:4
#        The first four payload bytes (offsets 0-3) are all zero.
#   2. content:"|3a 5c|"; distance:5; within:2
#        The two bytes ":\" sit exactly at offsets 9-10. The five bytes at
#        offsets 4-8 are not inspected; offset 8 is presumably the drive letter
#        of a Windows path - confirm against the referenced analysis.
#   3. content:".dwt|00|"; nocase; within:256
#        A NUL-terminated ".dwt" extension, in any letter case, ends within
#        256 bytes after the ":\" match.
#
# Coverage and triage notes:
#   - Only destination port 34330 is inspected; the same payload sent to any
#     other port is not covered by this rule.
#   - flow:to_server,established requires stream tracking; traffic on sessions
#     the sensor has not seen established will not be evaluated.
#   - The msg says "Possible": the patterns are short, so validate a hit by
#     checking the internal source host and the file path carried in the
#     payload after offset 8 before treating it as confirmed data theft.
#   - "IP theft" in the msg presumably means intellectual-property theft, not
#     an IP address - verify against the reference.
alert tcp $HOME_NET any -> $EXTERNAL_NET 34330 (msg:"BLEEDING-EDGE WORM Possible Myfip DWT file transfer - IP theft"; flow:to_server,established; content:"|00 00 00 00|"; depth:4; content:"|3a 5c|"; distance:5; within:2; content:".dwt|00|"; nocase; within:256; reference:url,www.lurhq.com/myfip.html; classtype:trojan-activity; sid:2002341; rev:1;)


