summaryrefslogtreecommitdiffstats
path: root/usr/local/share/protocols/nimda.pat
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/share/protocols/nimda.pat')
-rw-r--r--usr/local/share/protocols/nimda.pat8
1 files changed, 0 insertions, 8 deletions
diff --git a/usr/local/share/protocols/nimda.pat b/usr/local/share/protocols/nimda.pat
deleted file mode 100644
index 86c7ce1..0000000
--- a/usr/local/share/protocols/nimda.pat
+++ /dev/null
@@ -1,8 +0,0 @@
-# Nimda - a worm that attacks Microsoft IIS web servers, and MORE!
-# Pattern attributes: ok notsofast notsofast subset
-# Protocol groups: worm
-# Wiki: http://www.protocolinfo.org/wiki/Nimda
-# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
-
-nimda
-GET (/scripts/root\.exe\?/c\+dir|/MSADC/root\.exe\?/c\+dir|/c/winnt/system32/cmd\.exe\?/c\+dir|/d/winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.%5c\.\./winnt/system32/cmd\.exe\?/c\+dir|/_vti_bin/\.\.%5c\.\./\.\.%5c\.\./\.\.%5c\.\./winnt/system32/cmd\.exe\?/c\+dir|/_mem_bin/\.\.%5c\.\./\.\.%5c\.\./\.\.%5c\.\./winnt/system32/cmd\.exe\?/c\+dir|/msadc/\.\.%5c\.\./\.\.%5c\.\./\.\.%5c/\.\.\xc1\x1c\.\./\.\.\xc1\x1c\.\./\.\.\xc1\x1c\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc1\x1c\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc0/\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc0\xaf\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc1\x9c\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.%35c\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.%35c\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.%5c\.\./winnt/system32/cmd\.exe\?/c\+dir|/scripts/\.\.%2f\.\./winnt/system32/cmd\.exe\?/c\+dir)
OpenPOWER on IntegriCloud