alert tcp $HOME_NET any -> any 25 (msg: "BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound"; flowbits: isset,SoberAuth; flow: established,to_server; content:"application/octet-stream|3b| name="; content:"attachment|3b| filename="; within: 100; classtype: string-detect; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html; sid: 2001881; rev:6; )



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats