[Snort-sigs] Ilookup Trojan

Matthew Jonkman matt at ...2436...
Thu Jun 24 23:47:03 EDT 2004

alert tcp any any -> any any (msg:"BLEEDING-EDGE Possible ILookup Trojan 
Install"; content:"UN+mDnNGEDbULNbDnmOrKxY RY O"; 
classtype:trojan-activity; sid:2000316; rev:1; )

This is in the bleedingsnort rules as well. A full-disclosure post 
mentions a plausible link between this and the current possible worm.

Not tested, but should be good.


More information about the Snort-sigs mailing list