QODS ec

Saturday, June 26, 2004

VIRUS: Stable/VIRUS_Unknown_IIS_Worm

Stable/VIRUS_Unknown_IIS_Worm - view - 1.9: "
# Snort signatures quoted from the Bleeding Edge ruleset; the post carried them as one string, shown here one rule per line.
# NOTE(review): the msg/content values appear in single quotes, presumably because the excerpt was itself wrapped in double quotes. Snort expects double-quoted option strings, so restore them before loading these rules.
# NOTE(review): none of the rules uses flow:, so each one matches per packet and direction is constrained only by the port fields in the header.

# sid 2000312: traffic sent from source port 80 (a web server's response) that contains the string 'function gc099'.
alert tcp any 80 -> any any (msg:'BLEEDING-EDGE Unknown IIS Worm Code in Transit'; content:'function gc099'; classtype:trojan-activity; sid:2000312; rev:2;)
# sid 2000313: request URI containing '/dot.php'.
# NOTE(review): the header requires source port 80 AND destination port 80. uricontent inspects the client's request URI, and a browser request normally leaves from an ephemeral port, so as written this rule is unlikely to fire. `any any -> any 80` looks like the intent - confirm against the upstream revision.
alert tcp any 80 -> any 80 (msg:'BLEEDING-EDGE Unknown IIS Worm Client Visiting Infected Page'; uricontent:'/dot.php'; classtype:trojan-activity; sid:2000313; rev:2;)
# sid 2000316: server response containing both 'qxco7=document' and 'qxco7.indexOf'. No distance/within is given, so the two strings may appear in either order within the packet.
alert tcp any 80 -> any any (msg:'BLEEDING-EDGE Client Downloading IE Adodb Code From Compromised Web Server'; content:'qxco7=document'; content:'qxco7.indexOf'; classtype:trojan-activity; sid:2000316; rev:2;)
# sid 2000317: server response containing the exact string 'var qxco7=document.cookie'. No classtype is set, unlike the neighbouring rules.
alert tcp any 80 -> any any (msg:'BLEEDING-EDGE IE ADODB Exploit Javascript Detected'; content:'var qxco7=document.cookie'; sid:2000317; rev:1; )
# sid 2000318: server response containing a fixed byte sequence, which the msg attributes to a download of msits.exe. No classtype is set here either.
alert tcp any 80 -> any any (msg:'BLEEDING-EDGE IE msits.exe Download Detected'; content:'|BA AC C7 AD C7 48 83 D1 CA 68 81 26 8B 6C F3 29 00 28 A3 2E 00 38 A3 36 02 6E 3F 25 8B 6C 87 E5 D8 3A D0 AD CF 48 97 76 E1 92 EF 26 9B 2C 87 42|'; sid:2000318; rev:1; )
# sid 2000319: percent-encoded variant. '%41%44%4F%44%42%2E' decodes to "ADODB.", '%53%74%72%65%61%6D' to "Stream" and '%6D' to "m"; nocase also accepts lower-case hex digits.
# NOTE(review): '%6D' is also the last byte of the encoded "Stream", so that first content match adds little discrimination on its own.
alert tcp any 80 -> any any (msg:'BLEEDING-EDGE IE Adodb.Stream Exploit in Transit (Encoded)'; content:'%6D'; nocase; content:'%53%74%72%65%61%6D'; nocase; content:'%41%44%4F%44%42%2E'; nocase; classtype: trojan-activity; sid:2000319; rev:1;)
# sid 2000320: plain-text variant. It needs 'mms://' (the colon is escaped in the rule) and 'ADODB.Stream' in the same packet, both matched case-insensitively.
alert tcp any 80 -> any any (msg:'BLEEDING-EDGE IE Adodb.Stream Exploit in Transit'; content:'mms\://'; nocase; content:'ADODB.Stream'; nocase;classtype: trojan-activity; sid:2000320; rev:1;)
# sid 2000322: address-only indicator. There is no content match, so every TCP packet addressed to 217.107.218.147 on any port raises an alert.
# NOTE(review): expect many alerts per contacting host unless thresholding is applied, and treat the hard-coded address as a point-in-time indicator that needs re-validation.
alert tcp any any -> 217.107.218.147 any (msg:'BLEEDING-EDGE Infected Client contacting 217.107.218.147'; classtype: trojan-activity; sid:2000322; rev:1;)
"
