alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN TROJ_ANICMOO.AX Downloading wincf.exe"; uricontent:"/wincf.exe"; threshold:type limit, track by_src, count 1, seconds 60; classtype:trojan-activity; reference:url,uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_ANICMOO.AX; sid:2003521; rev:1;)

Added 2007-03-30 12:05:58 UTC


Topic revision: r1 - 2008-01-08 - TWikiGuest
 
Copyright © Emerging Threats