alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Inbound WorldPay? Card Transaction Trojan"; flow:established,to_server; content:"|0d 0a|Subject|3a| WorldPay? CARD transaction Confirmation"; nocase; content:"WorldPay_CONFR.zip"; nocase; classtype:trojan-activity; reference:url,www.sophos.com/blogs/gc/g/2009/05/07/worldpay-card-transactions-carry-malware-danger/; reference:url,doc.emergingthreats.net/2009348; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Worldpay; sid:2009348; rev:2;)

Added 2009-05-13 21:30:33 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Inbound WorldPay? Card Transaction Trojan"; flow:established,to_server; content:"|0d 0a|Subject|3a| WorldPay? CARD transaction Confirmation"; nocase; content:"WorldPay_CONFR.zip"; nocase; classtype:trojan-activity; reference:url,www.sophos.com/blogs/gc/g/2009/05/07/worldpay-card-transactions-carry-malware-danger/; reference:url,doc.emergingthreats.net/2009348; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Worldpay; sid:2009348; rev:2;)

Added 2009-05-13 21:30:33 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Inbound WorldPay? Card Transaction Trojan"; flow:established,to_server; content:"|0d 0a|Subject|3a| WorldPay? CARD transaction Confirmation"; nocase; content:"WorldPay_CONFR.zip"; nocase; classtype:trojan-activity; reference:url,www.sophos.com/blogs/gc/g/2009/05/07/worldpay-card-transactions-carry-malware-danger/; reference:url,doc.emergingthreats.net/2009348; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Worldpay; sid:2009348; rev:2;)

Added 2009-05-13 21:26:43 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Inbound WorldPay? Card Transaction Trojan"; flow:established,to_server; content:"|0d 0a|Subject|3a| WorldPay? CARD transaction Confirmation"; nocase; content:"WorldPay_CONFR.zip"; nocase; classtype:trojan-activity; reference:url,www.sophos.com/blogs/gc/g/2009/05/07/worldpay-card-transactions-carry-malware-danger/; reference:url,doc.emergingthreats.net/2009348; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Worldpay; sid:2009348; rev:2;)

Added 2009-05-13 21:26:43 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET CURRENT_EVENTS Inbound WorldPay? Card Transaction Trojan"; flow:established,to_server; content:"|0d 0a|Subject|3a| WorldPay? CARD transaction Confirmation"; nocase; content:"WorldPay_CONFR.zip"; nocase; classtype:trojan-activity; reference:url,www.sophos.com/blogs/gc/g/2009/05/07/worldpay-card-transactions-carry-malware-danger/; sid:2009348; rev:1;)

Added 2009-05-12 14:38:05 UTC


Topic revision: r1 - 2009-05-14 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats