No subject


Thu Nov 23 16:34:03 EST 2017


alert icmp $HOME_NET any -> any 25 (content:"8FI0MxBcdcOwU0QzEFL0MwBXBDMQWsS2wFIkMxBcdcOgUqQz"; msg:"BLEEDING-EDGE VIRUS Netsky base64 port 25"; classtype:trojan-activity; sid:2001283; rev:2; )

I don't understand the 'alert *icmp*'. Netsky is purely SMTP-based,
isn't it?

cheers,
 Jamie
-- 
James Riden / j.riden at ...1766... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
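
The mismatch the message above asks about, a port number in the header of an icmp rule, can be caught mechanically. The following is an added example, not part of the original post or of any Snort tooling: a small header lint whose function names are hypothetical, run over the posted rule and a constructed tcp variant of it.

```python
import re

# Snort rule header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(
    r'^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
SID = re.compile(r'\bsid\s*:\s*(\d+)')

def lint_rule(rule):
    """Return warnings for one rule line (empty list means nothing flagged)."""
    m = HEADER.match(rule)
    if not m:
        return ["unparseable rule header"]
    sid = SID.search(m.group("opts"))
    label = f"sid {sid.group(1)}" if sid else "sid ?"
    warnings = []
    # ICMP carries a type and code, not ports, so a port in the header
    # signals that the protocol field is probably wrong.
    if m.group("proto").lower() == "icmp":
        for side, field in (("source", "sport"), ("destination", "dport")):
            port = m.group(field)
            if port.lower() != "any":
                warnings.append(f"{label}: icmp rule names {side} port {port}")
    return warnings

def lint_rules(text):
    """Lint every non-blank, non-comment line of a rules file."""
    found = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            found.extend(lint_rule(line))
    return found

# Rule exactly as quoted in the message above.
POSTED = ('alert icmp $HOME_NET any -> any 25 (content:"8FI0MxBcdcOwU0QzEFL0MwBXBDMQWsS2wFIkMxBcdcOgUqQz"; '
          'msg:"BLEEDING-EDGE VIRUS Netsky base64 port 25"; classtype:trojan-activity; sid:2001283; rev:2; )')
# Constructed variant for comparison: same options, protocol changed to tcp.
TCP_VARIANT = POSTED.replace("alert icmp", "alert tcp", 1)

if __name__ == "__main__":
    for w in lint_rules(POSTED + "\n" + TCP_VARIANT):
        print(w)
```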






More information about the Snort-sigs mailing list