# sid 2008079, rev 3: outbound HTTP request for /kickme.exe addressed to a bare-IP host.
# - $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS with flow:established,to_server limits
#   the rule to client requests leaving the protected network.
# - uricontent + nocase matches "/kickme.exe" anywhere in the normalized URI,
#   case-insensitively.
# - The pcre carries no modifiers, so it is case-sensitive and runs against the packet
#   payload. It requires the literal "Host: " (one space), four dot-separated digit
#   runs, then CRLF. \d+ does not bound the octets, and a Host value carrying a
#   ":port" suffix does not satisfy the trailing CRLF.
# NOTE(review): $HTTP_PORTS may include non-default ports, where clients commonly
#   append the port to Host -- confirm coverage against the sensor's port list.
# Triage: msg says "Possible"; check the server response for a delivered executable
#   and the client for follow-on activity before treating the host as infected.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)"; flow:established,to_server; uricontent:"/kickme.exe"; nocase; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:trojan-activity; sid:2008079; rev:3;)

Added 2008-04-02 08:53:20 UTC


# sid 2008079, rev 3 (this listing repeats the rev 3 text with the same timestamp).
# Fires on an established client-to-server flow from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS when the normalized URI contains "/kickme.exe" (nocase) and the payload
# has a "Host: " header whose value is four dot-separated digit runs followed by CRLF.
# The Host pcre has no modifiers: it is case-sensitive and does not range-check octets.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)"; flow:established,to_server; uricontent:"/kickme.exe"; nocase; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:trojan-activity; sid:2008079; rev:3;)

Added 2008-04-02 08:53:20 UTC


# sid 2008079, rev 2: uricontent match plus a pcre looking for an IP-like prefix
# directly in front of /kickme.exe.
# - The U modifier evaluates the pcre against the normalized URI buffer (the same
#   buffer uricontent uses); the i modifier makes it case-insensitive.
# - (\d{2,4}\.?){3}\d{2,4} accepts groups of 2-4 digits with an optional dot, so it
#   does not require dots and does not match addresses with a single-digit octet.
# NOTE(review): an origin-form request line carries only the path, so the host
#   address would not normally be present in the URI buffer; presumably this is why
#   rev 3 tests the Host header instead -- confirm.
# NOTE(review): the "/" before kickme is unescaped inside a "/"-delimited pattern;
#   verify how the target engine locates the closing delimiter.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)"; flow:established,to_server; uricontent:"/kickme.exe"; nocase; pcre:"/(\d{2,4}\.?){3}\d{2,4}/kickme\.exe/Ui"; classtype:trojan-activity; sid:2008079; rev:2;)

Added 2008-04-01 11:35:15 UTC


# sid 2008079, rev 2 (this listing repeats the rev 2 text with the same timestamp).
# Requires "/kickme.exe" in the normalized URI (nocase) and, via a pcre with the U and
# i modifiers, an IP-like run of 2-4 digit groups immediately before /kickme.exe in
# that same URI buffer.
# NOTE(review): a path-only request URI would not contain the host address, so this
#   revision likely matches far fewer requests than intended -- confirm.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)"; flow:established,to_server; uricontent:"/kickme.exe"; nocase; pcre:"/(\d{2,4}\.?){3}\d{2,4}/kickme\.exe/Ui"; classtype:trojan-activity; sid:2008079; rev:2;)

Added 2008-04-01 11:35:15 UTC


# sid 2008079, rev 1: broadest form of the signature.
# Fires on any established client-to-server flow from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS whose normalized URI contains "/kickme.exe" (nocase applies to the
# uricontent match). There is no Host or address condition, so a same-named file
# requested from any external server raises the alert; expect the most false
# positives from this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)"; flow:established,to_server; uricontent:"/kickme.exe"; nocase; classtype:trojan-activity; sid:2008079; rev:1;)

Added 2008-03-31 18:01:49 UTC

