alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE VIRUS W32/Bagle.z@MM Requesting 5.php"; flow: to_server,established; content:"5.php"; nocase; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/5\.php/i"; reference:mcafee,122415; classtype: trojan-activity; sid: 2001556; rev:10; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats