Hi,
On Sat, Apr 22, 2006 at 11:16:54PM +0200, Tom Fischer wrote:
> some rules to trigger sites using the WebAttacker kit
(which uses
> various exploits to install malware on vulnerable
systems)
another signature for the newest WebAttacker version:
--snip--
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"BLEEDING-EDGE EXPLOIT WebAttacker kit";
flow:established,to_server;
uricontent:"ie0606.cgi?type="; nocase;
classtype: web-application-attack; rev:1;)
--snap--
--
Tom Fischer
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs bleedingsnort.com
http://lists.bleedingsnort.com/mailman/listinfo/ble
eding-sigs
|