Versions (5)
Version DetailsCurrent
Rev: 4 • May 14, 2013, 12:00 PMET MALWARE Possible Linux/Cdorked.A CnC
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET MALWARE Possible Linux/Cdorked.A CnC"; flow:established,to_server; http.uri; content:"/favicon.iso?"; fast_pattern; reference:url,code.google.com/p/malware-lu/wiki/en_malware_cdorked_A; reference:url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/; classtype:command-and-control; sid:2016850; rev:4; metadata:created_at 2013_05_14, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_18;)
May 14, 2013, 12:00 PM
Sep 18, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 5, 2025, 11:34 PM
rules/emerging-malware.rules