alert tcp $HOME_NET any -> any 135:139 (msg:"BLEEDING-EDGE VIRUS Nyxem attempting to copy WINZIP_TMP.exe to shares"; flow:to_server,established; content:"|57 00 49 00 4e 00 5a 00 49 00 50 00 5f 00 54 00 4d 00 50 00 2e 00 65 00 78 00 65|"; reference:url,www.lurhq.com/blackworm.html; reference:url,www.incidents.org/diary.php?date=2006-02-02; classtype:trojan-activity; sid:2002795; rev:1;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 