alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"|0d 0a|MZ"; within: 12; classtype: trojan-activity; sid:2001685; rev:5;)

Added 2008-07-03 15:24:48 UTC

alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"|0d 0a|MZ"; within: 12; classtype: trojan-activity; sid:2001685; rev:5;)

Added 2008-07-03 15:24:48 UTC

alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"|0d 0a|MZ"; within: 12; classtype: trojan-activity; sid: 2001685; rev:5;)

Added 2008-05-23 10:08:50 UTC

alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"|0d 0a|MZ"; within: 12; classtype: trojan-activity; sid: 2001685; rev:5;)

Added 2008-05-23 10:08:50 UTC

alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"MZ"; within: 12; classtype: trojan-activity; sid: 2001685; rev:4;)

Added 2008-01-28 17:24:17 UTC

alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"MZ"; within: 12; classtype: trojan-activity; sid: 2001685; rev:4;)

Added 2008-01-28 17:24:17 UTC

alert tcp any 20 -> $HOME_NET 25 (msg: "BLEEDING-EDGE Malware Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content-Type\: image"; content:"MZ"; within: 12; classtype: trojan-activity; sid: 2001685; rev:3; )