alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor cmdjsp.jsp access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/cmdjsp.jsp"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; reference:url,doc.emergingthreats.net/2009343; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP_Shells; sid:2009343; rev:2;)

Added 2009-05-11 17:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor cmdjsp.jsp access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/cmdjsp.jsp"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; reference:url,doc.emergingthreats.net/2009343; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP_Shells; sid:2009343; rev:2;)

Added 2009-05-11 17:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible Web Backdoor cmdjsp.jsp access"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/cmdjsp.jsp"; nocase; classtype:trojan-activity; reference:url,ddanchev.blogspot.com/2007/04/compilation-of-web-backdoors.html; sid:2009343; rev:1;)

Added 2009-05-07 12:11:47 UTC


Topic revision: r1 - 2009-05-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats