alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Probable Sakura exploit kit landing page with obfuscated URLs"; flow:established,from_server; content:"applet"; content:"myyu?44"; fast_pattern; within:200; flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2015679; rev:1;)

Added 2012-09-06 00:53:31 UTC


Topic revision: r1 - 2012-09-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats