[Community-sigs] SPEEDTEST Shellbot
Jörg Stephan
jost2208 at gmail.com
Wed Aug 12 02:58:35 EDT 2015
Good morning,
my honeypot came across a shellbot injection
Source: hxxp://194.60.242[.]251/minispeedtest/speedtest/.z/hb/plk03
Zonealam: Backdoor.Perl.Shellbot.a
I created the following signature to detect it
SHELL.Shellbot.SPEEDTEST:0:*:2323230D0A2320537465616C7468205368656C6C626F7420
It basically searches for the ## SHELLBOT tag within the file.
--
Regards
Joerg Stephan
IDSBlog: http://sendmespamids.blogspot.nl/
More information about the Community-sigs
mailing list