alert tcp $HOME_NET any -> $EXTERNAL_NET 5217 (msg:"ET TROJAN W32/SmartPops Adware Outbound Off-Port MSSQL Communication"; flow:established,to_server; content:"S|00|M|00|A|00|R|00|T|00|P|00|O|00|P"; content:"D|00|B|00|_|00|S|00|M|00|A|00|R|00|T|00|P|00|O|00|P"; distance:0; classtype:trojan-activity; sid:2013956; rev:2;)

Added 2011-11-23 17:01:25 UTC


Topic revision: r1 - 2011-11-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats