[Community-sigs] SPEEDTEST Shellbot

Jörg Stephan jost2208 at gmail.com
Wed Aug 12 02:58:35 EDT 2015

Good morning,

my honeypot came across a shellbot injection

Source: hxxp://194.60.242[.]251/minispeedtest/speedtest/.z/hb/plk03
Zonealam: Backdoor.Perl.Shellbot.a

I created the following signature to detect it


It basically searches for the ## SHELLBOT  tag within the file.

Joerg Stephan
IDSBlog: http://sendmespamids.blogspot.nl/

More information about the Community-sigs mailing list