[Emerging-Sigs] 72.232.195.26 (contacy.info)
Philipp Bescht
philipp at bescht.de
Wed Jul 9 15:49:52 EDT 2008
hi,
the following requests are made (among others):
GET /fd/sea.php?ver=ha3
GET /rr/srr.php?ver=ha1
with
User-Agent: clk_jdfhid
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"contacy.info
trojan checkin"; flow:to_server,established; uricontent:".php?ver=";
nocase; content:"|0d 0a|User-Agent\: clk_jdfhid|0d 0a|";
classtype:trojan-activity; sid:2009963; rev:1;)
regards,
philipp
More information about the Emerging-sigs
mailing list