alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT EVENTS TROJ_MESPAM.A HTTP Request"; flow:to_server,established; content:"Host\:"; nocase; content:"secondsite1.com"; nocase; distance:0; within:25; pcre:"/^Host\x3A[^\r\n]*p\x2Esecondsite1\x2Ecom/smi"; classtype:trojan-activity; reference:url,de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_MESPAM.A; sid:2003512; rev:2;)

Added 2007-04-27 09:30:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT EVENTS TROJ_MESPAM.A HTTP Request"; flow:to_server,established; content:"Host\:"; nocase; content:"secondsite1.com"; nocase; distance:0; within:10; pcre:"/^Host\x3A[^\r\n]*p\x2Esecondsite1\x2Ecom/smi"; classtype:trojan-activity; reference:url,de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_MESPAM.A; sid:2003512; rev:1;)

Added 2007-03-21 10:45:21 UTC


Topic revision: r1 - 2008-01-08 - TWikiGuest
 