alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Lighty Variant or UltimateDefender? POST"; flow:established,to_server; content:"POST "; depth:5; content:".php"; content:"gd="; content:"&affid="; content:"&subid="; content:"&prov="; nocase; classtype:trojan-activity; sid:2008784; rev:2;)
Added 2008-12-23 11:15:21 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Lighty Variant or UltimateDefender? POST)"; flow:established,to_server; content:"POST "; depth:5; content:".php"; content:"gd="; content:"&affid="; content:"&subid="; content:"&prov="; nocase; classtype:trojan-activity; sid:2008784; rev:1;)
Added 2008-11-18 07:15:22 UTC
72.233.114.12 seems to be popular for this one.
47 45 54 20 2F 76 63 67 69 2F 6E 65 77 30 31 2F GET /vcgi/new01/
75 70 64 61 74 65 2E 63 67 69 3F 6D 61 67 69 63 update.cgi?magic
3D 35 32 34 30 39 38 32 35 30 30 30 30 26 6F 78 =524098250000&ox
3D 32 2D 35 2D 31 2D 32 36 30 30 26 74 6D 3D 31 =2-5-1-2600&tm=1
30 39 32 30 26 69 64 3D 32 31 35 34 36 38 34 31 0920&id=21546841
26 63 61 63 68 65 3D 31 35 34 31 32 31 39 34 36 &cache=154121946
36 20 48 54 54 50 2F 31 2E 31 0D 0A 48 6F 73 74 6 HTTP/1.1..Host
3A 20 62 62 62 32 2E 6D 65 75 38 39 2E 6E 65 74 : bbb2.meu89.net
0D 0A 0D 0A ....
--
ChrisGreen - 01 Dec 2008
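Added example (not part of the Emerging Threats rule set and not code from ChrisGreen's post): the content checks of sid:2008784 rev:2 re-expressed as a plain Python predicate, plus a decoder for the hex dump posted above so the two can be compared directly. It assumes standard Snort semantics: a `content:` without `distance`/`within`/`offset` searches the whole payload independently of earlier matches, `depth:5` confines `"POST "` to the first five bytes, and `nocase` applies only to the `"&prov="` it follows. The `SAMPLE_POST` request is constructed for illustration; its host, path and parameter values are made up.

```python
# Added example, not from the ET rule set. Models only the payload checks of
# sid:2008784 rev:2; the flow direction and $HOME_NET/$EXTERNAL_NET/$HTTP_PORTS
# parts of the rule are assumed to be satisfied by the caller.

# The hex dump exactly as posted in the comment above (16 bytes per line,
# followed by an ASCII column that the decoder ignores).
HEX_DUMP = """\
47 45 54 20 2F 76 63 67 69 2F 6E 65 77 30 31 2F GET /vcgi/new01/
75 70 64 61 74 65 2E 63 67 69 3F 6D 61 67 69 63 update.cgi?magic
3D 35 32 34 30 39 38 32 35 30 30 30 30 26 6F 78 =524098250000&ox
3D 32 2D 35 2D 31 2D 32 36 30 30 26 74 6D 3D 31 =2-5-1-2600&tm=1
30 39 32 30 26 69 64 3D 32 31 35 34 36 38 34 31 0920&id=21546841
26 63 61 63 68 65 3D 31 35 34 31 32 31 39 34 36 &cache=154121946
36 20 48 54 54 50 2F 31 2E 31 0D 0A 48 6F 73 74 6 HTTP/1.1..Host
3A 20 62 62 62 32 2E 6D 65 75 38 39 2E 6E 65 74 : bbb2.meu89.net
0D 0A 0D 0A ....
"""

# Constructed request that satisfies every content check of the rule.
# "&PROV=" is upper-case on purpose to exercise the nocase modifier.
SAMPLE_POST = (
    b"POST /check.php HTTP/1.1\r\n"
    b"Host: example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 32\r\n\r\n"
    b"gd=1&affid=12&subid=34&PROV=test"
)

HEX_DIGITS = set("0123456789abcdefABCDEF")


def decode_hex_dump(dump: str) -> bytes:
    """Rebuild raw bytes from a '16 hex bytes + ASCII column' dump.

    Reads at most 16 two-digit hex tokens per line and stops at the first
    token that is not one, which is where the ASCII rendering begins.
    """
    out = bytearray()
    for line in dump.splitlines():
        taken = 0
        for tok in line.split():
            if taken == 16 or len(tok) != 2 or not set(tok) <= HEX_DIGITS:
                break
            out.append(int(tok, 16))
            taken += 1
    return bytes(out)


def request_line(payload: bytes) -> str:
    """Return the HTTP request line (everything before the first CRLF)."""
    return payload.split(b"\r\n", 1)[0].decode("ascii", "replace")


def matches_sid_2008784(payload: bytes) -> bool:
    """Apply the content checks of sid:2008784 rev:2 to one TCP payload."""
    # content:"POST "; depth:5 -> the match must lie within the first 5 bytes
    if b"POST " not in payload[:5]:
        return False
    # Plain content matches: case-sensitive, each searched over the whole
    # payload, with no ordering constraint between them.
    for needle in (b".php", b"gd=", b"&affid=", b"&subid="):
        if needle not in payload:
            return False
    # content:"&prov="; nocase -> only this match is case-insensitive
    return b"&prov=" in payload.lower()


if __name__ == "__main__":
    captured = decode_hex_dump(HEX_DUMP)
    print("decoded request line:", request_line(captured))
    print("captured dump fires sid:2008784:", matches_sid_2008784(captured))
    print("constructed POST fires sid:2008784:", matches_sid_2008784(SAMPLE_POST))
```

Running this shows what a reader can also work out by hand from the ASCII column: the posted dump decodes to a GET for `/vcgi/new01/update.cgi?magic=...` to `bbb2.meu89.net`, and it contains none of the rule's content strings, so this signature would not fire on that traffic; the constructed POST does. Because the five content matches are not tied to each other with `distance`/`within`, any POST whose first five bytes are `POST ` and whose URI or body happens to contain `.php`, `gd=`, `&affid=`, `&subid=` and `&prov=` in any order will match, which is worth keeping in mind when judging false positives from this rule.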