backdoor (2009.08.05)

alert any any -> any 80 (msg:”Heuristic.BehavesLike.Win32.Rootkit.L”; uricontent:”/progs/kfbffgtxxk/ueswa”; content:”Host|3a20|cddcrjuwwz.com|0d0a|”; nocase; http_header;)

Advertisements

About this entry