[Emerging-Sigs] New UAS seen in Zlob

Frank Knobbe frank at knobbe.us
Fri Jan 16 18:58:12 EST 2009


On Fri, 2009-01-16 at 10:49 -0700, Darren Spruell wrote:
> # mod of 2003632
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS
> Zlob User Agent (securityinternet)"; flow:established,to_server;
> content:"User-Agent\:
> securityinternet"; classtype:trojan-activity; sid:XXXXXXX; rev:1;)

Committed with SID 2009022.

Thanks,
Frank


-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.




More information about the Emerging-sigs mailing list