alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT EVENTS Likely Storm Binary Requested (ecard.exe)"; flow:established,to_server; uricontent:"/ecard.exe"; nocase; classtype:trojan-activity; sid:2007902; rev:1;)
Added 2008-03-03 04:49:55 UTC