#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE VIRUS Agentless HTTP request to www.microsoft.com (possible BlackWorm?/Nyxem infection)"; dsize:92; flow:to_server,established; content:"GET / HTTP/1.1|0d0a|Host|3a20|www.microsoft.com|0d0a|Connection|3a20|Keep-Alive|0d0a|Cache-Control|3a20|no-cache|0d0a0d0a|";classtype:misc-activity; sid:2002789; rev:2;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats