Hello,
One existing alert (useragent=mozila/4.0) has detected this trojan,
defined at the URL given as reference. This rule can be a more specific
rule for this trojan.
alert tcp any any -> any any (msg: "LOCAL TROJ_MESPAM.A"; flow:to_server,established; pcre:"/^Host\x3A[^\r\n]*p\x2Esecondsite1\x2Ecom/smi"; classtype:policy-violation; reference:url,de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=TROJ_MESPAM.A; sid:200703190959; rev:1;)
Thierry.
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
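
To see which Host headers the pcre in the rule above fires on, here is an added example that is not part of the original post. It applies the same expression (Snort's /smi modifiers mapped to Python's re flags) to constructed HTTP requests; the request builder, the helper names and every sample host other than the one in the rule are assumptions, and the flow:to_server,established option is not modelled.

```python
import re

# PCRE taken from the rule above. Snort modifiers: s -> DOTALL,
# m -> MULTILINE (so ^ matches at the start of each header line), i -> IGNORECASE.
HOST_RE = re.compile(
    rb"^Host\x3A[^\r\n]*p\x2Esecondsite1\x2Ecom",
    re.DOTALL | re.MULTILINE | re.IGNORECASE,
)


def request(host, path=b"/"):
    """Build a constructed HTTP/1.1 request payload (sample data, not a capture)."""
    return (
        b"GET " + path + b" HTTP/1.1\r\n"
        b"User-Agent: Mozilla/4.0\r\n"
        b"Host: " + host + b"\r\n"
        b"Connection: close\r\n\r\n"
    )


def rule_matches(payload):
    """Return True when the rule's pcre would match this payload."""
    return HOST_RE.search(payload) is not None


# Constructed samples: (description, payload)
SAMPLES = [
    ("host named in the rule", request(b"p.secondsite1.com")),
    ("same host, mixed case (i modifier)", request(b"P.SecondSite1.COM")),
    ("other label ending in 'p'", request(b"shop.secondsite1.com")),
    ("label not ending in 'p'", request(b"www.secondsite1.com")),
    ("dots replaced (\\x2E is a literal dot)", request(b"pXsecondsite1Xcom")),
    ("name only in the URI, not in Host",
     request(b"example.org", b"/?u=p.secondsite1.com")),
]


def evaluate():
    """Return [(description, matched)] for every constructed sample."""
    return [(desc, rule_matches(payload)) for desc, payload in SAMPLES]


if __name__ == "__main__":
    for desc, matched in evaluate():
        print(f"{'ALERT' if matched else 'no match':9} {desc}")
```

Because `[^\r\n]*` cannot cross a line ending and `^Host\x3A` is anchored to a line start, the match stays inside the Host header; any host whose label before `.secondsite1.com` ends in "p" also matches.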