EmergingThreats> Main Web>2008442 (revision 1)EditAttach

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Rootkit.Win32.Clbd.cz Checkin"; flow:established,to_server; content:"POST"; depth:5; uricontent:".php"; content:"gd="; content:"=="; within:20; content:"&affid="; content:"="; within:5; content:"&subid="; content:"=="; within:5; content:"&prov="; classtype:trojan-activity; sid:2008442; rev:1;)

Added 2008-07-18 11:38:50 UTC


Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2009-01-19 - RussellFulton
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats