Trojan (20090824)

alert tcp any any -> any 88 (msg:”http Win-Trojan/Downloader.53248.FU redirect server access”; flow:established, to_server; content:”/ic.htm“; nocase; content:”Host|3a20|stat.winrar2009.cn:88|0d0a|”; nocase; distance:0;)

 

alert tcp any any -> any 80 (msg:”http Win-Trojan/Downloader.53248.FU js file download”; flow:established, to_server; uricontent:”/2941498.js“; nocase; content:”Host|3a20|js.users.51.la|0d0a|”; nocase; http_header;)

Advertisements

About this entry