Versions (2)
Version DetailsCurrent
Rev: 5 • Feb 19, 2014, 12:00 PMET WORM TheMoon.linksys.router 3
alert http any any -> $HOME_NET 8080 (msg:"ET WORM TheMoon.linksys.router 3"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/hndUnblock.cgi"; reference:url,isc.sans.edu/forums/diary/Linksys+Worm+Captured/17630; reference:url,exploit-db.com/exploits/31683/; reference:url,devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/; classtype:trojan-activity; sid:2018155; rev:5; metadata:created_at 2014_02_19, signature_severity Major, updated_at 2020_07_07;)
Feb 19, 2014, 12:00 PM
Jul 7, 2020, 12:00 PM
Feb 19, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-worm.rules