[prev in list] [next in list] [prev in thread] [next in thread]
List: bleeding-sigs
Subject: Re: [Bleeding-sigs] Snatch(er)
From: Matt Jonkman <jonkman () bleedingthreats ! net>
Date: 2007-03-29 5:38:28
Message-ID: 460B50D4.6020905 () bleedingthreats ! net
[Download RAW message or body]
Nice, posting now. THanks Tom!
Matt
Tom Fischer wrote:
> Hi,
>
> another identity theft trojan horse:
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"BLEEDING-EDGE TROJAN
> Snatch Reporting User Activity"; flow:established,to_server;
> uricontent:"/snatch/module";content:"User-Agent|3a20|Snatch-System";
> within:512; classtype:trojan-activity; rev:1;)
>
--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------
PGP: http://www.bleedingthreats.com/mattjonkman.asc
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic