[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Wed Jan 2 17:00:07 EST 2008


[***] Results from Oinkmaster started Wed Jan  2 17:00:07 2008 [***]

[*] Rules modifications: [*]
    None.

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-virus.rules (2):
        # Created by Jeremy Conway  with contributions from Steven Adair
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN TROJ_PROX.AFV POST"; flow:to_server,established; content:"POST "; nocase; depth:5; uricontent:".php"; nocase; content:"=|22|sid|22|"; nocase; content:"=|22|up|22|"; nocase; content:"=|22|wbfl|22|"; nocase; content:"=|22|v|22|"; nocase; content:"=|22|ping|22|"; nocase; content:"=|22|guid|22|"; nocase; content:"=|22|wv|22|"; nocase; reference:url,trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPROXY%2EAFV&VSect=T; classtype:trojan-activity; sid:2007728 rev:1;)





More information about the Snort-sigs mailing list