# ET sid 2011459 rev 2: alerts on a server-to-client HTTP response that appears to
# carry a Windows executable inside an "UPDATE" field (Asprox binary update, per msg).
#
# Match sequence as written:
#   1. flow:established,to_client       - established sessions only, traffic from $EXTERNAL_NET:$HTTP_PORTS to $HOME_NET.
#   2. content:"|0d 0a 0d 0a|"          - CRLF CRLF, the blank line that ends the HTTP headers.
#   3. content:""; content:"" within:9  - both patterns are EMPTY on this page. NOTE(review): this looks like
#                                         markup stripped by the wiki renderer; Snort and Suricata reject
#                                         zero-length content, so take the rule from the published ruleset
#                                         rather than copying it from here.
#   4. content:"name=|22|UPDATE|22|"    - case-insensitive name="UPDATE", searched after the previous match (distance:0).
#   5. content:"MZ"                     - no distance/within modifier, so this two-byte match is not tied to
#                                         step 4 and can hit anywhere in the inspected payload.
#   6. isdataat:76,relative             - requires data to exist 76 bytes past the end of the "MZ" match.
#   7. content:"This program cannot..." - DOS stub string, searched after "MZ" (distance:0); this is what
#                                         keeps step 5 from alerting on an arbitrary "MZ".
#
# Coverage caveat: every pattern is a plain payload match with no HTTP buffer or file-data keyword, so a
# response sent over TLS, or a body the engine does not decompress/normalise, will not present these bytes.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Asprox Binary Update from Command & Control Server"; flow:established,to_client; content:"|0d 0a 0d 0a|"; content:""; nocase; content:""; nocase; within:9; content:"name=|22|UPDATE|22|"; nocase; distance:0; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in DOS mode."; distance:0; classtype:trojan-activity; reference:url,labs.m86security.com/2010/08/fedex-spam-seeding-new-asprox-binary/; reference:url,doc.emergingthreats.net/2011459; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Asprox; sid:2011459; rev:2;)

Added 2010-09-10 23:36:33 UTC


# Second listing of sid 2011459 rev 2; the text is the same as the first listing on this page,
# including the same "Added" timestamp, so it is a duplicate and not a later revision.
# NOTE(review): the two content:"" options are empty here as well (probably markup lost in rendering).
# An engine will not load a zero-length content match; confirm the original patterns against the
# distributed rule file before deploying or tuning this signature.
# The "MZ" match has no positional modifier; the DOS stub string that follows it (distance:0) is
# what ties the alert to an executable header rather than to any stray "MZ" in the payload.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Asprox Binary Update from Command & Control Server"; flow:established,to_client; content:"|0d 0a 0d 0a|"; content:""; nocase; content:""; nocase; within:9; content:"name=|22|UPDATE|22|"; nocase; distance:0; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in DOS mode."; distance:0; classtype:trojan-activity; reference:url,labs.m86security.com/2010/08/fedex-spam-seeding-new-asprox-binary/; reference:url,doc.emergingthreats.net/2011459; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Asprox; sid:2011459; rev:2;)

Added 2010-09-10 23:36:33 UTC



Topic revision: r1 - 2010-09-11 - TWikiGuest
 