alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Blackhole RawValue? Exploit PDF"; flow:established,to_client; file_data; content:"%PDF-"; within:5; content:"|2E|rawValue|5D 5B|0|5D 2E|split|28 27 2D 27 29 3B 26 23|"; distance:0; reference:cve,2010-0188; classtype:trojan-activity; sid:2014940; rev:2;)

Added 2012-06-22 19:10:35 UTC


Topic revision: r1 - 2012-06-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats