2007573
<h2> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Vundo.dam http Update"; flow:established,to_server; uricontent:"/cgi-bin/heartbeat.php"; nocase; uricontent:"uid="; nocase; uricontent:"&affiliate_id="; nocase; uricontent:"&db=1"; nocase; uricontent:"&version="; nocase; classtype:trojan-activity; sid:2007573; rev:1;) </h2>
Added 2007-08-29 09:46:50 UTC
<hr>
The identical rule text (sid:2007573, rev:1) was also recorded with these earlier "Added" timestamps:
<hr>
Added 2007-08-29 05:16:37 UTC
Added 2007-08-29 04:03:18 UTC
Added 2007-08-29 03:48:02 UTC
Added 2007-08-27 12:54:19 UTC
Added 2007-08-27 10:32:14 UTC
Added 2007-08-27 05:34:27 UTC
Added 2007-08-27 05:08:19 UTC
Added 2007-08-27 04:38:36 UTC
Added 2007-08-27 03:47:59 UTC
Added 2007-08-27 02:38:57 UTC
Added 2007-08-26 23:05:21 UTC
Added 2007-08-25 14:27:03 UTC
Added 2007-08-25 01:34:10 UTC
Added 2007-08-25 00:51:53 UTC
Added 2007-08-24 23:47:01 UTC
Added 2007-08-24 16:03:47 UTC
<hr>
Topic revision: r1 - 2007-09-21 - ShirkDog
Copyright © Emerging Threats