TWiki's Main webThe web for users, groups and offices. TWiki is an Enterprise Collaboration Platform.http://doc.emergingthreats.net/bin/view/MainCopyright 2008 Emerging Threats and Contributing Authors2008-07-06T20:19:21Z2008370http://doc.emergingthreats.net/bin/view/Main/20083702008-07-06T20:19:21Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Shopcenter.co.kr Spyware Install Report"; flow:established,to server; uricontent:"/RewardInstall ... (last changed by TWikiGuest)TWikiGuest2001891http://doc.emergingthreats.net/bin/view/Main/20018912008-07-06T20:19:21Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (agent)"; flow: to server,established; content:" 0d 0a User Agent\: agent ... (last changed by TWikiGuest)TWikiGuest2008077http://doc.emergingthreats.net/bin/view/Main/20080772008-07-04T13:35:04Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Possible Storm Worm EXE Request (fireworks.exe)"; flow:established,to server; content ... (last changed by TWikiGuest)TWikiGuestSandnetAnalystsGrouphttp://doc.emergingthreats.net/bin/view/Main/SandnetAnalystsGroup2008-07-03T19:55:17ZSandnetAnalystsGroup Member list (comma separated list): Set GROUP MattJonkman, DeapeshMisra, BlakeHartstein, JamesMcQuaid, AndreDiMino, DavidBianco, TeresaGarner ... (last changed by MattJonkman)MattJonkmanWillFortehttp://doc.emergingthreats.net/bin/view/Main/WillForte2008-07-03T19:37:09ZMy Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ... (last changed by TWikiRegistrationAgent)TWikiRegistrationAgent2008367http://doc.emergingthreats.net/bin/view/Main/20083672008-07-03T19:30:00Zalert tcp any 20 $HOME NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send Javascript"; flow: established; content:" 0d 0a ... (last changed by TWikiGuest)TWikiGuest2008368http://doc.emergingthreats.net/bin/view/Main/20083682008-07-03T19:30:00Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Unknown Keylogger checkin"; flow:established; content:"GET"; depth:4; uricontent:"?mail "; uricontent ... (last changed by TWikiGuest)TWikiGuest2001685http://doc.emergingthreats.net/bin/view/Main/20016852008-07-03T19:24:48Zalert tcp any 20 $HOME NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content ... (last changed by TWikiGuest)TWikiGuest2001684http://doc.emergingthreats.net/bin/view/Main/20016842008-07-03T19:24:48Zalert tcp any $HTTP PORTS $HOME NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send image, Win32"; flow: established; content:"Content ... (last changed by TWikiGuest)TWikiGuest2008369http://doc.emergingthreats.net/bin/view/Main/20083692008-07-03T19:24:48Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Keylogger Crack by bahman"; flow:established; content:"POST"; depth:5; content:" message 2b keylogger ... (last changed by TWikiGuest)TWikiGuest2008366http://doc.emergingthreats.net/bin/view/Main/20083662008-07-03T15:12:53Zalert tcp $HOME NET any $EXTERNAL NET 82 (msg:"ET TROJAN LD Pinch Checkin (HTTP POST on port 82)"; flow:established,to server; content:"POST "; depth:5; content ... (last changed by TWikiGuest)TWikiGuest2008185http://doc.emergingthreats.net/bin/view/Main/20081852008-07-03T14:34:46Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Win32 Cloaker Related Post Infection Checkin"; flow:established,to server; uricontent:"/log/proc ... (last changed by TWikiGuest)TWikiGuest2008365http://doc.emergingthreats.net/bin/view/Main/20083652008-07-03T04:30:14Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (Playtech Downloader)"; flow:to server,established; content:" 0d 0a User ... (last changed by TWikiGuest)TWikiGuest2008363http://doc.emergingthreats.net/bin/view/Main/20083632008-07-03T04:30:14Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (ISMYIE)"; flow:to server,established; content:" 0d 0a User Agent\: ISMYIE ... (last changed by TWikiGuest)TWikiGuest2008364http://doc.emergingthreats.net/bin/view/Main/20083642008-07-03T04:30:14Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Donkeyp2p Update Detected"; flow:established,to server; content:"GET "; depth:4; uricontent:"donkeyp2p ... (last changed by TWikiGuest)TWikiGuestSifuKurthttp://doc.emergingthreats.net/bin/view/Main/SifuKurt2008-07-01T23:16:18ZMy Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ... (last changed by TWikiRegistrationAgent)TWikiRegistrationAgent