alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS Guard.zip Backdoor Phish Encoded Exploit traveling to client browser"; flow:established,from_server; content:"dF('%264Djgsbnf%2631obnf%264E%2633J2%"; reference:url,asert.arbornetworks.com/2007/02/phpwebguard-and-aspwebguard-attacks/; reference:url,isc.sans.org/diary.html?n&storyid=2277; reference:url,www.bleedingthreats.net/index.php/2007/02/13/guardzip-phish-very-targeted-sig-available/; classtype:attempted-admin; sid:2003413; rev:3;)



Topic revision: r1 - 2008-01-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats