# Rule sid 2000935 (rev 4): flags an HTTP POST from an internal host to the
# EUniverse / thunderdownloads update engine. Classified as policy-violation.
#
# The rule line below starts with '#', so it is commented out and will not be
# loaded until that leading '#' is removed.
#
# Match logic, as written:
#   - TCP from $HOME_NET (any port) to $EXTERNAL_NET on $HTTP_PORTS, client-to-server
#     on an established session. Traffic on ports outside $HTTP_PORTS is not inspected.
#   - "POST" must appear in the first 4 payload bytes (depth: 4).
#   - "mgmt.svr HTTP" must follow within 50 bytes of the end of the "POST" match.
#   - CRLF + "Host:" + "update.thunderdownloads.com" must follow within 300 bytes of
#     the previous match; nocase applies to this content only.
#
# NOTE(review): the Host pattern has no space between "|3a|" (":") and the hostname.
# HTTP clients conventionally send "Host: name" with a space, in which case this
# content would not match. Confirm against a traffic sample before enabling.
# NOTE(review): detection is tied to a single hostname and URI fragment; verify
# both are still relevant before relying on this rule.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware EUniverse-thunderdownloads Update Engine"; flow: to_server,established; content:"POST"; depth: 4; content:"mgmt.svr HTTP"; within: 50; content:"|0d0a|Host|3a|update.thunderdownloads.com"; nocase; within: 300; reference:url,www.pestpatrol.com/pestinfo/e/euniverse.asp; classtype: policy-violation; sid: 2000935; rev:4; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 