2011287 < Main < EmergingThreats

EmergingThreats>

Main Web>2011287 (2011-10-12, TWikiGuest)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; classtype:web-application-attack; sid:2011287; rev:2;)

Added 2011-10-12 19:31:44 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; sid:2011287; rev:2;)

Added 2011-09-14 22:45:09 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Gootkit; sid:2011287; rev:2;)

Added 2011-02-04 17:31:06 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Gootkit; sid:2011287; rev:2;)

Added 2010-08-02 15:15:59 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Gootkit; sid:2011287; rev:2;)

Added 2010-08-02 15:15:59 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Gootkit; sid:2011287; rev:2;)

Added 2010-08-02 15:14:57 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET.GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Gootkit; sid:2011287; rev:2;)

Added 2010-08-02 15:14:57 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server"; flowbits:isset,ET_GOOTKIT; flow:established,from_server; content:""; nocase; content:""; nocase; distance:0; content:""; nocase; distance:0; content:"21"; nocase; distance:0; classtype:web-application-attack; reference:url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp; reference:url,doc.emergingthreats.net/2011287; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Gootkit; sid:2011287; rev:2;)

Added 2010-08-01 20:38:14 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r1 - 2011-10-12 - TWikiGuest

Main

Log In or Register

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats