EmergingThreats> Main Web>2006411 (revision 1)EditAttach

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BLEEDING-EDGE TROJAN Storm Worm HTTP Request"; flow:established,to_server; content:"GET "; depth:4; offset:0; uricontent:"/?"; pcre:"/GET http\:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/\?[0-9a-f]{16}/Ui"; classtype:trojan-activity; sid:2006411; rev:2;)

Added 2007-07-20 23:44:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BLEEDING-EDGE TROJAN Storm Worm HTTP Request"; flow:established,to_server; content:"GET "; depth:4; offset:0; uricontent:"/?"; pcre:"/GET http\:\/\/[0-9]+\.[0-9]+\.[0-9]+\.]0-9]+\/\?[0-9a-f]{16}/Ui"; classtype:trojan-activity; sid:2006411; rev:1;)

Added 2007-07-19 04:38:54 UTC


Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2007-07-20 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats