""ET TROJAN ZeroAccess udp traffic detected""
SID: 2015474
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2012_07_14, updated_at 2012_07_14
Reference:
Protocol: udp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 53
Flow:
Contents:
- Value: "|9e 98|" Depth: 2 Offset: 6
Within:
PCRE:
Special Options: