2008335 (revision 3)

alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,from_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:3;)

Added 2008-09-29 22:45:21 UTC

This signature triggers a false positive for clients using Bloomberg over the Internet.

-- SteveTornio - 17 Oct 2008


alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:2;)

Added 2008-09-16 14:08:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:1;)

Added 2008-06-25 12:36:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype:trojan-activity; sid:2008335; rev:1;)

Added 2008-06-25 12:33:35 UTC


Topic revision: r3 - 2008-10-17 - SteveTornio
 