alert tcp $HOME_NET any -> any 139 (msg: "BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139"; flow: to_server,established; content:"|60 00 00 E0 2E 70 65 74 69 74 65 00 00 10 00 00 00 90 01 00 08 05 00 00 00 5E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00|"; classtype: trojan-activity; reference:url,antivirus.about.com/cs/allabout/a/netskyp_2.htm; sid: 2001280; rev:8; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats