[Snort-sigs] Re: Fp ON 2001702

Frank Knobbe frank at ...1978...
Mon Jul 4 10:56:20 EDT 2005


On Mon, 2005-07-04 at 12:47 -0500, Colin Grady wrote:
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
> (msg:"BLEEDING-EDGE MALWARE Shop at Home Select Spyware Activity";
> flow:established,to_server; content:"User-Agent\: "; nocase;
> content:"Bundle"; nocase; within:30; classtype: policy-violation; sid:
> 2001702; rev:8;)

Yup, we'll add them shortly.

Cheers,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050704/2875f7b6/attachment.sig>


More information about the Snort-sigs mailing list