#alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET DELETED Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; reference:url,doc.emergingthreats.net/2001430; classtype:trojan-activity; sid:2001430; rev:10; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:55:29 UTC


##alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET DELETED Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; reference:url,doc.emergingthreats.net/2001430; classtype:trojan-activity; sid:2001430; rev:10;)

Added 2011-10-12 19:10:27 UTC


##alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET DELETED Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; classtype: trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; reference:url,doc.emergingthreats.net/2001430; sid:2001430; rev:10;)

Added 2011-09-14 20:58:03 UTC


##alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET DELETED Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; classtype: trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; reference:url,doc.emergingthreats.net/2001430; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bofra; sid:2001430; rev:10;)

Added 2011-02-04 17:21:27 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2001430; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bofra; sid:2001430; rev:10;)

Added 2010-06-28 22:46:58 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2001430; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bofra; sid:2001430; rev:10;)

Added 2010-06-28 22:46:58 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2001430; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bofra; sid: 2001430; rev:10;)

Added 2009-02-12 18:21:14 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; reference:url,doc.emergingthreats.net/2001430; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bofra; sid: 2001430; rev:10;)

Added 2009-02-12 18:21:14 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; sid: 2001430; rev:9;)

Added 2008-01-31 10:12:22 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg:"ET WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; sid: 2001430; rev:9;)

Added 2008-01-31 10:12:22 UTC


alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 (msg: "BLEEDING-EDGE WORM Bofra Victim Accessing Reactor Page"; flow: from_client,established; content:"GET "; nocase; content:"reactor"; nocase; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; sid: 2001430; rev:8; )



Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats