alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:trojan-activity; sid:2008078; rev:3;)
Added 2008-04-02 08:53:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:trojan-activity; sid:2008078; rev:3;)
Added 2008-04-02 08:53:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/(\d{2,4}\.?){3}\d{2,4}/funny\.exe/Ui"; classtype:trojan-activity; sid:2008078; rev:2;)
Added 2008-04-01 11:35:15 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/(\d{2,4}\.?){3}\d{2,4}/funny\.exe/Ui"; classtype:trojan-activity; sid:2008078; rev:2;)
Added 2008-04-01 11:35:15 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; classtype:trojan-activity; sid:2008078; rev:1;)
Added 2008-03-31 18:01:49 UTC