##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Blackhole Exploit Kit Landing Page Redirect.php Port 8080 Request"; flow:established,to_server; content:"/redirect.php?d="; fast_pattern:only; http_uri; content:"|3A|8080|0D 0A|"; http_header; pcre:"/\x2Fredirect\x2Ephp\x3Fd\x3D[0-9a-f]{8}$/U"; classtype:trojan-activity; sid:2015047; rev:2;)

Added 2013-05-02 22:17:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Redirect.php Port 8080 Request"; flow:established,to_server; content:"/redirect.php?d="; fast_pattern:only; http_uri; content:"|3A|8080|0D 0A|"; http_header; pcre:"/\x2Fredirect\x2Ephp\x3Fd\x3D[0-9a-f]{8}$/U"; classtype:trojan-activity; sid:2015047; rev:1;)

Added 2012-07-06 23:30:40 UTC


Topic revision: r1 - 2013-05-03 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats