Trojan (2009.7.13)

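# Snort 2.x rules for outbound HTTP requests from $HOME_NET whose URI and Host
# header match the download/check-in locations listed for three trojan families
# (entry dated 2009.7.13).
#
# Changes from the published text:
#   - Typographic quotes replaced with ASCII double quotes; Snort's rule parser
#     expects content/uricontent/msg arguments in plain "..." quotes.
#   - sid, rev and classtype added. The sid values are constructed placeholders
#     in the local-rule range (>= 1000000); renumber them to fit your rule set.
#
# Triage and coverage notes:
#   - uricontent is matched case-sensitively; the nocase modifier applies only
#     to the Host content that precedes it.
#   - The Host match expects "Host: " with exactly one space before the name,
#     so a request formatted differently would not alert.
#   - Only destination ports listed in $HTTP_PORTS are inspected.
#   - The indicators date from 2009 and the hosts may have been cleaned or
#     reassigned since; treat a hit as a lead to corroborate with endpoint
#     evidence, not as proof of infection.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Dropper.Agent.IK"; flow:to_server,established; uricontent:"/update/run.php"; content:"Host|3a 20|www|2e|happycoin|2e|co|2e|kr"; nocase; http_header; classtype:trojan-activity; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Dropper.Win32.Agent.aqpn"; flow:to_server,established; uricontent:"/winxp/mm.txt"; content:"Host|3a 20|www|2e|dy2004|2e|com"; nocase; http_header; classtype:trojan-activity; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Downloader.Win32.Banload.bvk"; flow:to_server,established; uricontent:"/photo/tju-15-06-09.jpg"; content:"Host|3a 20|www|2e|ishiharakikaku|2e|co|2e|jp"; nocase; http_header; classtype:trojan-activity; sid:1000003; rev:1;)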
