[Snort-sigs] New gator sig

Matthew Jonkman matt at ...2436...
Fri Jul 9 08:20:10 EDT 2004


Added a new gator sig from Joel Esler. This may see more than the 
existing, especially if they alter the user agent some.

#Submitted by Joel Esler
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Gator Agent Installed"; content:"|55 73 65 72 2d 41 67 65 6e 74 3a 20 47 61 74 6f 72|"; reference:url,pestpatrol.com/pestinfo/g/gain.asp; sid:2000368; rev:1;)

Matt
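
Added example, not part of the original post or the Bleeding Edge rule set: a small Python check of what the rule's content bytes decode to and which requests a plain case-sensitive content match covers. The sample requests, host name and version strings are constructed for illustration, and the matcher is a simplified stand-in for Snort's content option.

```python
import re

# "content" option copied from the rule in the post (sid:2000368).
RULE_CONTENT = "|55 73 65 72 2d 41 67 65 6e 74 3a 20 47 61 74 6f 72|"

def decode_content(spec: str) -> bytes:
    """Decode a Snort content string: text between pipes is hex bytes
    (whitespace optional), everything else is literal. Simplified:
    escaped characters are not handled."""
    if spec.count("|") % 2:
        raise ValueError("unbalanced | in content string")
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        if i % 2:
            out += bytes.fromhex(re.sub(r"\s+", "", part))
        else:
            out += part.encode("latin-1")
    return bytes(out)

def content_matches(payload: bytes, pattern: bytes, nocase: bool = False) -> bool:
    """Plain content match: byte search anywhere in the payload, case-sensitive
    unless nocase is set (the rule in the post does not set it)."""
    if nocase:
        return pattern.lower() in payload.lower()
    return pattern in payload

def request(user_agent_line: str) -> bytes:
    """Build a constructed HTTP request around one User-Agent header line."""
    return ("GET /update HTTP/1.1\r\nHost: example.test\r\n"
            + user_agent_line + "\r\n\r\n").encode("latin-1")

# Constructed samples, not captured traffic; the version strings are made up.
SAMPLES = {
    "exact": request("User-Agent: Gator"),
    "versioned": request("User-Agent: Gator/1.0"),
    "suffixed": request("User-Agent: GatorXYZ (build 7)"),
    "embedded": request("User-Agent: Mozilla/4.0 (compatible; Gator)"),
    "lowercase": request("user-agent: gator/1.0"),
    "unrelated": request("User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)"),
}

def coverage(nocase: bool = False) -> dict:
    pattern = decode_content(RULE_CONTENT)
    return {name: content_matches(p, pattern, nocase) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print(decode_content(RULE_CONTENT))
    for name, hit in coverage().items():
        print(f"{name:10s} {'alert' if hit else 'no alert'}")
```

The bytes decode to "User-Agent: Gator", so the match is a prefix on the header value: anything appended after "Gator" still alerts, while a value that does not start with it, or a differently cased header, does not.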