# sid 2001437 (rev 5): inbound SMTP message that looks like a MyDoom.AI worm e-mail.
#
# Status: the rule is shipped DISABLED. The leading '#' makes the whole line a
# comment, so it is not loaded until that character is removed.
#
# Match logic, all of which must hold on one established client-to-server
# TCP stream from $EXTERNAL_NET to $HOME_NET port 25:
#   1. content "X-AntiVirus|3a|" with nocase: the header name followed by a
#      colon (|3a|), matched case-insensitively.
#   2. first pcre: "X-AntiVirus: " followed by one of three scanner banner
#      strings. It has no /i flag, so it is case-sensitive and requires
#      exactly one space after the colon, which is stricter than the nocase
#      content match in step 1.
#   3. second pcre: one of two fixed lure phrases. Neither pcre uses a
#      relative modifier, so each is evaluated independently of where the
#      other matched.
#
# NOTE(review): the '?' in "MyDoom?.AI", "AMaViS?" and "AntiVirus?" looks like a
# wiki rendering artifact rather than part of the rule. Inside the pcre it makes
# the preceding letter optional, which still matches the intended strings but is
# looser than the literal text. Compare with the rule as distributed in the
# ruleset before enabling it.
#
# Coverage caveats: only port 25 is inspected. Sessions upgraded with STARTTLS
# and message bodies sent base64 or quoted-printable encoded will not expose the
# literal phrases to the second pcre, so the absence of alerts is not evidence
# that no such mail arrived.
#alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg: "BLEEDING-EDGE WORM Potential MyDoom?.AI Email Inbound"; flow: established,to_server; content:"X-AntiVirus|3a|"; nocase; pcre:"/X-AntiVirus\: (scanned for viruses by AMaViS? 0\.2\.1|Checked by Dr\.Web|Checked for viruses by Gordano's AntiVirus?)/"; pcre:"/(Look at my homepage with my last webcam photos!|FREE ADULT VIDEO! SIGN UP NOW!)/"; reference:url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631; classtype: trojan-activity; sid: 2001437; rev:5; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 