[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] Injecter checking sig
From: jonkman () jonkmans ! com (Matt Jonkman)
Date: 2008-06-26 14:33:07
Message-ID: 4863A8A3.5050109 () jonkmans ! com
[Download RAW message or body]
Posted
Marcus wrote:
> ref: 0ad5f61380dba645bd1eaa965a78a8d1
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN
> Injecter Checkin"; flow:established,to_server; content:"GET"; depth:4;
> uricontent:"mod="; uricontent:"&id="; uricontent:"&up="; content:"|0d
> 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\;
> SV1)"; classtype:trojan-activity; nocase; sid:99999; rev:1;)
>
>
> Cheers,
> Marc
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic