EditAttachPrintable
r1 - 26 Jun 2008 - 16:27:02 - TWikiGuestYou are here: TWiki >  Main Web > 2008352

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS CoreFlooder?.Q Data Posting"; flow:established,to_server; content:"POST"; depth:4; uricontent:"/upload"; nocase; uricontent:"file="; nocase; uricontent:"&id="; nocase; threshold: type limit, track by_src, seconds 3600, count 1; reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FCOREFLOOD%2EQ; classtype:trojan-activity; sid:2008352; rev:1; )

Added 2008-06-26 12:27:02 UTC

 

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback