alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2013488; rev:1;)

Added 2011-10-12 19:36:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2013488; rev:1;)

Added 2011-08-31 10:23:42 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
Copyright © Emerging Threats