#alert tcp any any -> $HOME_NET 25 (msg:"BLEEDING-EDGE CURRENT EVENTS Probable Storm Worm Email Inbound (patch-)"; flow:established,to_server; content:"filename=|22|patch|2e|"; nocase; pcre:"/patch-\d{4,5}\x2ezip/i"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2612; sid:2003571; rev:1;) Added 2007-07-11 02:45:54 UTC
alert tcp any any -> $HOME_NET 25 (msg:"BLEEDING-EDGE CURRENT EVENTS Probable Storm Worm Email Inbound (patch-)"; flow:established,to_server; content:"filename=|22|patch|2e|"; nocase; pcre:"/patch-\d{4,5}\x2ezip/i"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2612; sid:2003571; rev:1;) Added 2007-04-13 12:00:25 UTC Temporary until the huge increase drops off. Should be removed within a week or so. -- MattJonkman - 13 Apr 2007
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r2 - 2007-04-13 - MattJonkman
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats