#alert tcp $HOME_NET any -> $EXTERNAL_NET 135 (msg: "BLEEDING-EDGE VIRUS Nachi/Phatbot Worm"; flow: to_server,established; content:"|05|"; within: 1; distance: 0; byte_test:1,<,16,3,relative;content:"|5c 00 5c 00|"; byte_test:4,>,256,-8,relative; reference:cve,CAN-2003-0352; reference:bugtraq,8205; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.asp; classtype: attempted-admin; sid: 2001302; rev:5; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats