EmergingThreats> Main Web>2008078 (2008-04-02, TWikiGuest) EditAttach

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:trojan-activity; sid:2008078; rev:3;)

Added 2008-04-02 08:53:20 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/Host\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; classtype:trojan-activity; sid:2008078; rev:3;)

Added 2008-04-02 08:53:20 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/(\d{2,4}\.?){3}\d{2,4}/funny\.exe/Ui"; classtype:trojan-activity; sid:2008078; rev:2;)

Added 2008-04-01 11:35:15 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; pcre:"/(\d{2,4}\.?){3}\d{2,4}/funny\.exe/Ui"; classtype:trojan-activity; sid:2008078; rev:2;)

Added 2008-04-01 11:35:15 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)"; flow:established,to_server; uricontent:"/funny.exe"; nocase; classtype:trojan-activity; sid:2008078; rev:1;)

Added 2008-03-31 18:01:49 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2008-04-02 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats