alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor simple-backdoor.php access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/simple-backdoor.php"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; reference:url,doc.emergingthreats.net/2009339; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP_Shells; sid:2009339; rev:2;)

Added 2009-05-11 17:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor simple-backdoor.php access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/simple-backdoor.php"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; reference:url,doc.emergingthreats.net/2009339; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP_Shells; sid:2009339; rev:2;)

Added 2009-05-11 17:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor simple-backdoor.php access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/simple-backdoor.php"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; sid:2009339; rev:1;)

Added 2009-05-07 12:11:47 UTC


Topic revision: r1 - 2009-05-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats