Thu Nov 23 16:34:03 EST 2017

alert icmp $HOME_NET any -> any 25 (content:"8FI0MxBcdcOwU0QzEFL0MwBXBDMQWsS2wFIkMxBcdcOgUqQz"; msg:"BLEEDING-EDGE VIRUS Netsky base64 port 25"; classtype:trojan-activity; sid:2001283; rev:2; )

I don't understand the 'alert *icmp*'. Netsky is purely SMTP-based,
isn't it?

James Riden / j.riden at ...1766... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at:
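
A check for the mismatch raised in this message, as an added example that is not part of the original post or of the ruleset's own tooling: it parses each rule header and reports icmp rules that name a specific port, since ICMP carries no port field. The function names and the tcp comparison rule (sid 9000001) are constructed for illustration.

```python
import re

# Snort rule header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER_RE = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src_ip>\S+)\s+(?P<src_port>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst_ip>\S+)\s+(?P<dst_port>\S+)\s*\((?P<opts>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def check_rule(line):
    """Return a list of findings for one rule line (empty list means clean)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []  # blank line or commented-out rule
    m = HEADER_RE.match(line)
    if m is None:
        return ["unparseable rule header"]
    findings = []
    if m.group("proto").lower() == "icmp":
        for side in ("src_port", "dst_port"):
            port = m.group(side)
            if port.lower() != "any":
                findings.append(
                    f"icmp rule names {side} {port}; ICMP has no ports, "
                    "so the protocol is probably meant to be tcp or udp"
                )
    return findings


def lint(rules_text):
    """Map sid (or line number when a rule has no sid) to its findings."""
    report = {}
    for n, line in enumerate(rules_text.splitlines(), 1):
        found = check_rule(line)
        if found:
            sid = SID_RE.search(line)
            report[sid.group(1) if sid else f"line {n}"] = found
    return report


# First rule: the one quoted in the post. Second rule: constructed tcp variant.
SAMPLE = '''
alert icmp $HOME_NET any -> any 25 (content:"8FI0MxBcdcOwU0QzEFL0MwBXBDMQWsS2wFIkMxBcdcOgUqQz"; msg:"BLEEDING-EDGE VIRUS Netsky base64 port 25"; classtype:trojan-activity; sid:2001283; rev:2; )
alert tcp $HOME_NET any -> any 25 (content:"constructed"; msg:"constructed comparison rule"; sid:9000001; rev:1;)
'''

if __name__ == "__main__":
    for sid, found in lint(SAMPLE).items():
        print(sid, found)
```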

