[Snort-sigs] New bagle variant
mjonkman at ...2436...
Mon Aug 16 07:52:05 EDT 2004
Just posted this to Bleedingsnort.com for the bagle variant out there.
Seems to be moving fast, but a fwe av engines have not yet identified it.
This rull will certainly have a few falses, but if you have a real
infected one I'm sure it'll hit a number of these.
alert tcp $HOMT_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE
Bagle Variant Requesting 2.jpg";
uricontent:"2.jpg"; sid:2001061; rev:1;)
More information about the Snort-sigs