Versions (3)
Version DetailsCurrent
Rev: 3 • May 14, 2013, 12:00 PMET MALWARE Worm.Win32.Ngrbot.lof Join IRC channel
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Worm.Win32.Ngrbot.lof Join IRC channel"; flow:to_server,established; content:"NICK New|7B|"; nocase; pcre:"/^\S{2,3}\x2d(XP|2K3|VIS|2K8|W7|ERR)\w?\x2d\w+?\x7D\w+?\r\n?/Ri"; reference:url,microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32/Dorkbot.AR; reference:md5,dd05fcd2368d8d410a5b85e8d504a435; classtype:trojan-activity; sid:2016849; rev:3; metadata:created_at 2013_05_14, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
May 14, 2013, 12:00 PM
Jul 26, 2019, 12:00 PM
May 14, 2013, 12:00 PM
Dec 3, 2025, 10:34 PM
rules/emerging-malware.rules