naver account hijacking

http://hummingbird.tistory.com/2079

벌새님의 블로그에 포스팅된 분석된 내용을 가지고 룰을 만들어 봤습니다..^^

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:”Naver Account Hijacking”; flow:to_server,established; uricontent:”/ma.php?to=”; nocase; uricontent:”@naver.com&from=”;  nocase; uricontent:”@naver.com&title=”; nocase; uricontent:”&body=”; nocase;)

Advertisements

About this entry