# Santy.B worm variants searching for targets, pattern (1) -- sid 2001617, rev 9.
#
# Status: the rule below is commented out (leading '#'), so a sensor loading this
# file will not evaluate it until that '#' is removed.
#
# Direction: $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS, client-to-server on an
# established flow. A hit therefore points at an internal host issuing the
# request; the internal source address is the host to investigate.
#
# Match logic, in option order (order matters because of the relative pcre):
#   1. "GET", case-insensitive, within the first 3 payload bytes.
#   2. The literal string "/search?q=inurl:*.php?*=", case-insensitive
#      (|3f| = '?', |3a2a| = ':*', |3f2a| = '?*'). It carries no offset, depth,
#      distance or within, so it is searched for across the whole payload.
#   3. pcre \d+&start=\d+ with flags i (case-insensitive) and R (evaluated
#      relative to the end of the previous content match).
#
# Coverage caveats for tuning:
#   - The content options carry no HTTP URI modifiers, so they match the literal
#     bytes shown above. NOTE(review): a differently encoded form of the same
#     query would presumably not match -- confirm against the sensor's HTTP
#     preprocessing before relying on this rule alone.
#   - Only destination ports in $HTTP_PORTS are inspected; check that the
#     variable covers the ports your outbound web traffic actually uses.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Virus Santy.B worm variants searching for targets (1)"; flow: to_server,established; content:"GET"; nocase; offset: 0; depth: 3; content:"/search|3f|q=inurl|3a2a|.php|3f2a|="; nocase; pcre:"/\d+&start=\d+/iR"; classtype: trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html; sid: 2001617; rev:9; )


