alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg: "BLEEDING-EDGE WORM MyDoom?.S Outbound"; flow: to_server,established; content:"LOL!\;)"; nocase; content:"filename=photos_arc.exe"; nocase; reference:url,www.f-secure.com/v-descs/mydoom_s.shtml; reference:url,isc.sans.org/diary.php?date=2004-08-16; classtype: trojan-activity; sid: 2001196; rev:6; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats