Written by Matt Jonkman
Wednesday, 09 January 2008
Interesting new trojan around, and a signature from iDefense/Verisign. Information about it here at Websense: www.websense.com/securitylabs/alerts/alert.php?AlertID=835

The submitted signature:

#from Matt Richard with Verisign Security Services / iDefense
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 ( msg:"BLEEDING-EDGE TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware"; flow:to_server; content:"POST"; nocase; offset:0; depth:4; content:"ACCEPT|3A|"; nocase; within:300; content:"POST|2C|"; nocase; within:100; classtype:trojan-activity; reference:url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835; sid:2007748; rev:1;)

Please let us know about any false positives, but the activity is very unique. Should be reliable.

Thanks to iDefense/Verisign!
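To check a capture for likely false positives before deploying the signature, the sketch below emulates the rule's three chained content matches (offset/depth, then two relative within windows) over a handful of requests. It is an added example, not part of the original post or the iDefense submission; the payloads are constructed, example.invalid is a placeholder host, and the rule header and flow:to_server are assumed to have matched already.

```python
# Added example: emulates only the content options of sid 2007748 (not Snort itself).
# Rule header (tcp, port 80) and flow:to_server are assumed to have matched already.
RULE = [  # (pattern, offset, depth, within), all nocase
    (b"POST", 0, 4, None),
    (b"ACCEPT:", None, None, 300),   # |3A| is ':'
    (b"POST,", None, None, 100),     # |2C| is ','
]

def match_rule(payload: bytes, rule=RULE) -> bool:
    """Return True if every content option matches, with Snort-style backtracking."""
    data = payload.lower()  # nocase on every content

    def step(i: int, prev_end: int) -> bool:
        if i == len(rule):
            return True
        pat, offset, depth, within = rule[i]
        pat = pat.lower()
        if within is not None:            # relative: whole pattern inside the next N bytes
            lo, hi = prev_end, min(len(data), prev_end + within)
        else:                             # absolute: offset/depth from payload start
            lo, hi = offset, min(len(data), offset + depth)
        pos = data.find(pat, lo, hi)
        while pos != -1:
            if step(i + 1, pos + len(pat)):
                return True
            pos = data.find(pat, pos + 1, hi)   # try a later occurrence
        return False

    return step(0, 0)

# Constructed payloads (not captured traffic; example.invalid is a placeholder host).
SAMPLES = {
    "satisfies_rule": b"POST /x HTTP/1.1\r\nHost: example.invalid\r\nAccept: POST, */*\r\n\r\n",
    "browser_post": b"POST /login HTTP/1.1\r\nHost: example.invalid\r\n"
                    b"Accept: text/html,application/xhtml+xml\r\n\r\nuser=a",
    "benign_body_hit": b"POST /api HTTP/1.1\r\nHost: example.invalid\r\nAccept: */*\r\n"
                       b"Content-Length: 20\r\n\r\nmethods=GET,POST,PUT",
    "accept_too_far": b"POST / HTTP/1.1\r\nX-Pad: " + b"a" * 400
                      + b"\r\nAccept: POST, */*\r\n\r\n",
    "get_request": b"GET / HTTP/1.1\r\nHost: example.invalid\r\nAccept: POST, */*\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:16} alert={match_rule(payload)}")
```

The benign_body_hit sample alerts because the relative window after "Accept:" runs past the end of the headers into the request body, which is the kind of false positive worth reporting back.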
Last Updated ( Wednesday, 09 January 2008 )