Versions (2)
Version DetailsCurrent
Rev: 8 • Jun 6, 2011, 12:00 PMET MALWARE Suspicious Email Attachment Possibly Related to Mydoom.L@mm
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious Email Attachment Possibly Related to Mydoom.L@mm"; flow:established,to_server; content:"Subject|3a 20|"; nocase; content:"mail"; nocase; within:34; content:"name|3d 22|"; pcre:"/name\x3d\x22(message|letter|.*lebanon\x2donline\x2ecom\x2elb)?\x2ezip\x22\x0d\x0a/"; reference:md5,28110a8ea5c13859ddf026db5a8a864a; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99&tabid=2; classtype:trojan-activity; sid:2012932; rev:8; metadata:created_at 2011_06_06, signature_severity Major, updated_at 2019_07_26;)
Jun 6, 2011, 12:00 PM
Jul 26, 2019, 12:00 PM
Jun 6, 2011, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules