EmergingThreats> Main Web>2003573 (2007-04-13, MattJonkman) EditAttach

#alert tcp any any -> $HOME_NET 25 (msg:"BLEEDING-EDGE CURRENT EVENTS Probable Storm Worm Email Inbound (hotfix-)"; flow:established,to_server; content:"filename=|22|hotfix|2e|"; nocase; pcre:"/hotfix-\d{4,5}\x2ezip/i"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2612; sid:2003573; rev:1;)

Added 2007-07-11 02:45:54 UTC

alert tcp any any -> $HOME_NET 25 (msg:"BLEEDING-EDGE CURRENT EVENTS Probable Storm Worm Email Inbound (hotfix-)"; flow:established,to_server; content:"filename=|22|hotfix|2e|"; nocase; pcre:"/hotfix-\d{4,5}\x2ezip/i"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=2612; sid:2003573; rev:1;)

Added 2007-04-13 12:00:25 UTC

Temporary until the huge increase drops off. Should be removed within a week or so.

-- MattJonkman - 13 Apr 2007

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2007-04-13 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats