# sid 2013907, rev 3: flags the HTTP check-in request named in msg
# (ZAccess/Sirefef/MAX++/Jorik/Smadow) leaving an internal host.
#
# Scope: established TCP, client-to-server, $HOME_NET -> $EXTERNAL_NET, and only
# on $HTTP_PORTS. The same request sent to a port outside $HTTP_PORTS is not
# inspected by this rule.
#
# URI conditions (all http_uri, all required): "/stat", ".php?w=",
# "&i=00000000000", "&a=". No distance/within/offset is set, so the matches are
# position-independent inside the URI buffer rather than an ordered sequence.
# "&i=00000000000" carries fast_pattern, i.e. it is the string used for the
# multi-pattern prefilter; the i= value must begin with that run of zeros.
#
# Header condition: "User-Agent: Opera/6 (Windows NT 5.1; " in http_header
# (|3a 20| is ": ", |3b 20| is "; "). Only this prefix of the User-Agent is
# checked in this revision.
#
# No nocase modifier is present, so every content match is case-sensitive.
#
# Relative to rev:1 of the same sid listed further down this page: "/stat2.php"
# is loosened to "/stat" plus ".php?w=", the parameter matches now include their
# "?"/"&" delimiters and all carry http_uri, and the User-Agent match stops
# after "Windows NT 5.1; " instead of requiring the full string.
# NOTE(review): presumably loosened to cover further stat*.php paths and
# User-Agent variants; the page does not state the reason.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin"; flow:established,to_server; content:"/stat"; http_uri; content:".php?w="; http_uri; content:"&i=00000000000"; http_uri; fast_pattern; content:"&a="; http_uri; content:"User-Agent|3a 20|Opera/6 (Windows NT 5.1|3b 20|"; http_header; classtype:trojan-activity; sid:2013907; rev:3;)

Added 2012-03-07 18:45:05 UTC


# sid 2013907, rev 1: earlier form of the check-in rule; a rev:3 entry with the
# same sid appears above it on this page.
#
# Scope: established TCP, client-to-server, $HOME_NET -> $EXTERNAL_NET, and only
# on $HTTP_PORTS.
#
# URI conditions (http_uri): "/stat2.php", "w=", "i=".
# NOTE(review): content:"a=" has no http_uri modifier, so unlike its neighbours
# it is evaluated against the packet payload rather than the URI buffer. That
# looks like an omission, not intent.
# The two-character matches ("w=", "i=", "a=") add little specificity on their
# own. The discriminating conditions are "/stat2.php" and the User-Agent below.
#
# Header condition: the full string
# "User-Agent: Opera/6 (Windows NT 5.1; U; LangID=409; x86)" in http_header
# (|3a 20| is ": ", |3b 20| is "; "). A client sending any other LangID or
# architecture token does not match this revision.
#
# No fast_pattern is specified, so the engine selects the prefilter string
# itself. No nocase modifier is present, so every match is case-sensitive.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin"; flow:established,to_server; content:"/stat2.php"; http_uri; content:"w="; http_uri; content:"i="; http_uri; content:"a="; content:"User-Agent|3a 20|Opera/6 (Windows NT 5.1|3b 20|U|3b 20|LangID=409|3b 20|x86)"; http_header; classtype:trojan-activity; sid:2013907; rev:1;)

Added 2011-11-10 19:48:48 UTC


Topic revision: r1 - 2012-03-07 - TWikiGuest
 