alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"CURRENT_EVENTS Fake Airline E-ticket Email Inbound"; flow:established,to_server; content:"|0d 0a|Subject\: E-Ticket #"; pcre:"/eTicket.*\.zip/i"; classtype:trojan-activity; reference:url,www.us-cert.gov/current/archive/2008/07/31/archive.html#airline_e_ticket_email_attack; reference:url,www.sophos.com/security/blog/2008/07/1604.html; sid:2008486; rev:1;)

Added 2008-08-01 13:00:22 UTC


Topic revision: r1 - 2008-08-01 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats