# ET TROJAN sid 2010858, rev 2: flags an outbound HTTP GET whose shape resembles a
# Zeus/Perkesh configuration (.bin) download. The msg says "Possible": a hit is a lead
# to triage, not a confirmed infection.
#
# Match conditions (all must hold):
#   flow:established,to_server      client-to-server data on an established TCP session,
#                                   $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS only.
#   content:"GET "; depth:4         payload starts with the GET method.
#   content:"|0d 0a|Accept|3a| */*|0d 0a|"
#                                   a header line reading exactly "Accept: */*"
#                                   (case-sensitive, no nocase modifier).
#   uricontent:".bin"               ".bin" present in the normalized URI (case-sensitive).
#   pcre:"/\/[0-9A-Z]+\.bin$/Ui"    normalized URI (U) ends in "/<alphanumeric name>.bin";
#                                   the $ anchor means nothing may follow ".bin".
#
# NOTE(review): none of these conditions is specific to the malware family. Any client
# that sends "Accept: */*" and fetches an alphanumeric-named .bin file (firmware or
# updater downloads, for example) satisfies the rule. Correlate alerts with destination
# reputation (see the zeustracker reference) and host evidence before escalating.
# NOTE(review): the pcre is case-insensitive (i) but uricontent has no nocase, so the
# extension itself must be lowercase for the rule to fire; confirm that is intended.
# NOTE(review): only the request is inspected. The rule does not look at the response,
# so it cannot tell whether a configuration file was actually returned.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Zeus/Perkesh (.bin) configuration download (2)"; flow:established,to_server; content:"GET "; depth:4; content:"|0d 0a|Accept|3a| */*|0d 0a|"; uricontent:".bin"; pcre:"/\/[0-9A-Z]+\.bin$/Ui"; classtype:trojan-activity; reference:url,zeustracker.abuse.ch; reference:url,anubis.iseclab.org/?action=result&task_id=10eabca7c3621d904e916a9fff3738c6f&format=pcap; reference:url,doc.emergingthreats.net/2010858; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010858; rev:2;)

Added 2010-02-26 06:00:46 UTC


Topic revision: r1 - 2010-02-26 - TWikiGuest
 