r3 - 20 Feb 2008 - 19:43:17 - MikeSchroll

alert udp $HOME_NET 1024:65535 -> $EXTERNAL_NET 1024:65535 (msg:"BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Outbound - Likely Search by md5"; dsize:25; threshold: type threshold, count 40, seconds 60, track by_src; classtype:trojan-activity; sid:2007634; rev:1;)

Added 2007-10-15 11:55:08 UTC

StormWorm related

-- MattJonkman - 15 Oct 2007

This false positives on Call of Duty 2 on port 28960 UDP.

-- MikeSchroll - 20 Feb 2008
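
An added example (not part of the original rule page or the Bleeding Edge ruleset): a simplified Python model of the rule's `dsize` and `threshold` logic, run over constructed packet records, showing why a game client sending steady 25-byte datagrams on port 28960 trips the signature. The `excluded_dst_ports` parameter, the addresses and the traffic are assumptions made for illustration.

```python
# Values taken from sid 2007634 as shown on this page.
DSIZE, COUNT, SECONDS = 25, 40, 60
HIGH_PORTS = range(1024, 65536)


def alerts(packets, excluded_dst_ports=()):
    """Emulate the rule over (ts, src_ip, sport, dport, payload_len) tuples.

    'type threshold' is modelled as one alert on every COUNT-th matching
    packet from a source inside a SECONDS-long window (simplified model,
    not the sensor's own implementation).
    """
    window = {}  # src_ip -> (window_start, matches_in_window)
    fired = []
    for ts, src, sport, dport, size in sorted(packets):
        # Header and dsize checks: UDP high port to high port, 25-byte payload.
        if size != DSIZE or sport not in HIGH_PORTS or dport not in HIGH_PORTS:
            continue
        if dport in excluded_dst_ports:  # hypothetical tuning knob
            continue
        start, n = window.get(src, (ts, 0))
        if ts - start >= SECONDS:  # window expired, start a new one
            start, n = ts, 0
        n += 1
        window[src] = (start, n)
        if n % COUNT == 0:  # track by_src: count is kept per source address
            fired.append((ts, src))
    return fired


# Constructed sample traffic (not captured data).
# Game client: 25-byte datagrams to port 28960, two per second.
game = [(i * 0.5, "10.0.0.5", 28960, 28960, 25) for i in range(100)]
# Host sending 25-byte datagrams to scattered high ports, one per second.
p2p = [(i * 1.0, "10.0.0.9", 4000, 10000 + i * 7, 25) for i in range(45)]
# Host with only a handful of 25-byte datagrams, below the threshold.
quiet = [(i * 10.0, "10.0.0.7", 5000, 6377, 25) for i in range(5)]

if __name__ == "__main__":
    print("rule as written:    ", alerts(game + p2p + quiet))
    print("port 28960 excluded:", alerts(game + p2p + quiet, {28960}))
```

Excluding a port also hides any real 25-byte traffic of the kind the rule targets on that port, so the exclusion is a trade-off rather than a fix.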

 

