alert udp $HOME_NET any -> any 53 (msg:"ET CURRENT_EVENTS Infected System Looking up chr.santa-inbox.com CnC? Server"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|03|chr|0b|santa-inbox|03|com"; nocase; distance:0; classtype:trojan-activity; reference:url,sign.kaffenews.com/?p=104; reference:url,doc.emergingthreats.net/bin/view/Main/2008531; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_santa-inbox.com; sid:2011363; rev:3;)

Added 2010-08-17 14:15:09 UTC


Topic revision: r1 - 2010-08-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats