alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor perlcmd.cgi access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/perlcmd.cgi"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; reference:url,doc.emergingthreats.net/2009342; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP_Shells; sid:2009342; rev:2;)

Added 2009-05-11 17:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor perlcmd.cgi access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/perlcmd.cgi"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; reference:url,doc.emergingthreats.net/2009342; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP_Shells; sid:2009342; rev:2;)

Added 2009-05-11 17:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor perlcmd.cgi access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/perlcmd.cgi"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; sid:2009342; rev:1;)

Added 2009-05-07 12:11:47 UTC


Topic revision: r1 - 2009-05-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats