[Emerging-Sigs] ET TROJAN Win32.Injector.gen!BB Signature

Micah Kays micah.d.kays at gmail.com
Tue Oct 11 13:01:01 EDT 2011


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN
Win32.Injector.gen!BB"; flow:established,to_server; content:"GET";
http_method; content:".php?"; http_uri; nocase; content:"file=";
http_uri; nocase; content:"&luck="; http_uri; nocase;
classtype:trojan-activity;
refernce:url,http://www.threatexpert.com/report.aspx?md5=4d02b099399b339fad19ae2081a24e45;
sid:001; rev:1;)


More information about the Emerging-sigs mailing list