alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN TROJ_ANICMOO.AX Downloading wincf.exe"; uricontent:"/wincf.exe"; threshold:type limit, track by_src, count 1, seconds 60; classtype:trojan-activity; reference:url,uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_ANICMOO.AX; sid:2003521; rev:1;)
Added 2007-03-30 12:05:58 UTC