alert tcp $HOME_NET any -> [213.33.116.41,216.199.83.203,213.23.243.210] [53,80,443] (msg:"ET CURRENT Possible W32/Dozer Trojan Backdoor CnC? Communication Detected"; flow:to_server, established; classtype:trojan-activity; reference:url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2; reference:url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx; reference:url,doc.emergingthreats.net/2009713; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Dozer; sid:2009713; rev:2;)

Added 2009-08-14 13:30:38 UTC


alert tcp $HOME_NET any -> [213.33.116.41,216.199.83.203,213.23.243.210] [53,80,443] (msg:"ET CURRENT Possible W32/Dozer Trojan Backdoor CnC? Communication Detected"; flow:to_server, established; classtype:trojan-activity; reference:url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2; reference:url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx; reference:url,doc.emergingthreats.net/2009713; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Dozer; sid:2009713; rev:2;)

Added 2009-08-14 13:30:38 UTC


alert tcp $HOME_NET any -> [213.33.116.41,216.199.83.203,213.23.243.210] [53,80,443] (msg:"ET CURRENT Possible W32/Dozer Trojan Backdoor CnC? Communication Detected"; flow:to_server, established; classtype:trojan-activity; reference:url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2; reference:url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx; sid:2009713; rev:1;)

Added 2009-08-06 14:15:39 UTC


Topic revision: r1 - 2009-08-14 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats