[Snort-sigs] Maleware Keenvalue
matt at ...2436...
Wed Jul 7 13:41:21 EDT 2004
I've moved this rule from the stable set to the submitted (broken) cvs
que. It's not specific enough.
Someone has pointed out that there is a woodworking company with that
name, this hits all over on their website. :)
I added a reference to the rule he provided which leads me to believe
that the rule needs to be much more specific. It's in the submitted cvs
area if you'd like to take a crack at extending it.
alert tcp any any -> any any (msg:"BLEEDING-EDGE Malware Keenvalue";
content:"Keenvalue";nocase;sid:2000021; rev:2; )
More information about the Snort-sigs