Trojan (20091020)

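# Trojan.FakeAV: outbound HTTP request from a $HOME_NET host whose URI contains
# the path below and whose Host header names the domain below.
# - Typographic quotes replaced with ASCII double quotes, and the flow option
#   terminated with ';' (the original ran "to_server, uricontent" together), so
#   that the rule parses.
# - sid/rev added because Snort requires a sid; 1000001 is a placeholder in the
#   local-rule range (>= 1000000). Renumber it to fit your own ruleset.
# - Scope: destination port 80 only, and one specific URI/domain pair. Treat a hit
#   as a lead for host triage; absence of hits does not show a host is clean.
# - uricontent is Snort 2.x syntax; a Snort 3 port would need the http_uri buffer.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Trojan.FakeAV"; flow:established,to_server; uricontent:"/lA1BY0rlZ5r8Y0/R4EO7pqH2B"; content:"Host|3a20|ertanue5skayert.com|0d0a|"; nocase; http_header; sid:1000001; rev:1;)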

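# Trojan-Spy.Win32.Zbot.gen: outbound HTTP request from a $HOME_NET host whose URI
# contains the path below and whose Host header names the domain below.
# - Typographic quotes replaced with ASCII double quotes, and the flow option
#   terminated with ';' (the original ran "to_server, uricontent" together), so
#   that the rule parses.
# - sid/rev added because Snort requires a sid; 1000002 is a placeholder in the
#   local-rule range (>= 1000000). Renumber it to fit your own ruleset.
# - Scope: destination port 80 only, and one specific URI/domain pair. Treat a hit
#   as a lead for host triage; absence of hits does not show a host is clean.
# - uricontent is Snort 2.x syntax; a Snort 3 port would need the http_uri buffer.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"Trojan-Spy.Win32.Zbot.gen"; flow:established,to_server; uricontent:"/zed1/table.bin"; content:"Host|3a20|dino-war1722.com|0d0a|"; nocase; http_header; sid:1000002; rev:1;)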
