# Disabled signature (the leading '#' comments the rule out): perlb0t bot
# reporting scan/exploit activity over an IRC-style PRIVMSG.
# Alerts on established, client-to-server TCP traffic from $EXTERNAL_NET source
# ports 21-443 to $HOME_NET port 80 whose payload contains "PRIVMSG "
# (case-insensitive) and matches both keyword PCREs.
# NOTE(review): neither PCRE is anchored or uses the relative /R flag, so the
# keywords may match anywhere in the payload rather than near the PRIVMSG
# match; this may cause false positives on ordinary web traffic if enabled as-is.
# NOTE(review): `within` is a relative content modifier; the first use has no
# earlier content match and the second follows a pcre, not a content. This is
# possibly why the rule is disabled; validate against the target engine first.
# NOTE(review): a source port range of 21:443 combined with destination port 80
# and flow:to_server looks unusual; confirm the intended direction and ports.
#alert tcp $EXTERNAL_NET 21:443 -> $HOME_NET 80 (msg: "BLEEDING-EDGE WORM perlb0t Bot Reporting Scan/Exploit"; flow: to_server,established; content:"PRIVMSG|20|"; nocase; within: 80; pcre:"/(GOOGLE|HTTP|TCP|SCAN|UDP|VERSION)/i"; within:16; pcre:"/(Exploiting|Exploited|Attacking|Scanning|perlb0t)/i"; classtype: trojan-activity; sid:2002930; rev:1;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 