alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INFO Potential Malicious PDF (EmbeddedFiles?) improper case"; flow:from_server,established; file_data; content:"%PDF"; within:4; content:"/EmbeddedFiles"; within:128; nocase; content:!"/EmbeddedFiles"; distance:-14; within:14; reference:url,blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/; classtype:trojan-activity; sid:2014575; rev:3;)

Added 2012-04-16 18:46:13 UTC


Topic revision: r1 - 2012-04-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats