[Community-sigs] SPEEDTEST Shellbot

Jörg Stephan jost2208 at gmail.com
Wed Aug 12 02:58:35 EDT 2015


Good morning,

my honeypot came across a shellbot injection

Source: hxxp://194.60.242[.]251/minispeedtest/speedtest/.z/hb/plk03
Zonealam: Backdoor.Perl.Shellbot.a

I created the following signature to detect it

SHELL.Shellbot.SPEEDTEST:0:*:2323230D0A2320537465616C7468205368656C6C626F7420

It basically searches for the ## SHELLBOT  tag within the file.
-- 
Regards

Joerg Stephan
IDSBlog: http://sendmespamids.blogspot.nl/



More information about the Community-sigs mailing list