#alert tcp any any -> $HOME_NET 25 (msg:"BLEEDING-EDGE CURRENT EVENTS Probable Storm Worm Email Inbound (patch-)"; flow:established,to_server; content:"filename=|22|patch|2e|"; nocase; pcre:"/patch-\d{4,5}\x2ezip/i"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2612; sid:2003571; rev:1;)

Added 2007-07-11 02:45:54 UTC


alert tcp any any -> $HOME_NET 25 (msg:"BLEEDING-EDGE CURRENT EVENTS Probable Storm Worm Email Inbound (patch-)"; flow:established,to_server; content:"filename=|22|patch|2e|"; nocase; pcre:"/patch-\d{4,5}\x2ezip/i"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2612; sid:2003571; rev:1;)

Added 2007-04-13 12:00:25 UTC

Temporary until the huge increase drops off. Should be removed within a week or so.

-- MattJonkman - 13 Apr 2007


Topic revision: r2 - 2007-04-13 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats