# Purpose: flag outbound HTTP GET requests that look like an automated
# search-engine query for PHP pages, which the msg attributes to Santy.B worm
# variants looking for targets. The request shape matched is roughly
#   GET ... /search? ... q=inurl:<short text>.php? ... &start=<digits>
#
# Direction: $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS, to_server and
# established. A hit therefore points at an internal host issuing the search
# (a possibly infected machine), not at an inbound attack on a local server.
#
# Match logic, in rule order (all content matches are nocase):
#   - "GET" must sit in the first 3 bytes of the payload (offset 0, depth 3).
#   - "/search?" (|3f| is '?') and "q=inurl:" (|3a| is ':') carry no
#     distance/within modifier, so each may appear anywhere in the payload.
#   - ".php?" is relative: it must be found within the 10 bytes that follow
#     the "q=inurl:" match, so only a short token fits between them.
#   - pcre /&start=\d+/i has no relative flag and is evaluated against the
#     payload as a whole; it requires a result-paging parameter.
#
# Status: the leading '#' means the rule is disabled as published; remove it
# only after deciding the signature is still wanted on this sensor.
#
# NOTE(review): a person manually running an inurl: search for a .php page and
# paging through the results would produce the same request shape, so expect
# false positives; triage on request rate and on whether the source is a host
# that has any reason to browse a search engine.
# NOTE(review): this is a cleartext payload match, so searches carried over TLS
# are not visible to it unless traffic is decrypted upstream of the sensor.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Virus Santy.B worm variants searching for targets (2)"; flow: to_server,established; content:"GET"; nocase; offset: 0; depth: 3; content:"/search|3f|"; nocase; content:"q=inurl|3a|"; nocase; content:".php|3f|"; nocase; within: 10; pcre:"/&start=\d+/i"; classtype: trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html; sid: 2001618; rev:8; )


