alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN VBS/Wimmie.A Set"; flow:to_server,established; content:"POST"; nocase; http_method; content:"/count.php?m=c&n="; http_uri; content:"_"; distance:0; http_uri; content:"@"; distance:0; http_uri; content:"|0D 0A|Content-Length|3a| 0|0D 0A|"; http_header; reference:url,www.threatexpert.com/report.aspx?md5=6fd7493e56fdc3b0dd8ecd24aea20da1; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AVBS%2FWimmie.A; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf; reference:md5,61474931882dce7b1c67e1f22d26187e; classtype:trojan-activity; sid:2014803; rev:6;)

Added 2012-05-23 22:04:28 UTC


Topic revision: r1 - 2012-05-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats