Re: Ebury SSH Rootkit sig.

[Y M <snort () outlook com>]

Hi Joel, 
 
I am NOT the author of the rule. I was reading the article in hope to find something to sig on and I found the rule 
written already. cert-bund.de are the authors.
 
YM
 
From: jesler () cisco com
To: snort () outlook com
CC: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Ebury SSH Rootkit sig.
Date: Sat, 15 Feb 2014 18:02:03 +0000

Did you author the rule?  

--Joel EslerSent from my iPhone
On Feb 15, 2014, at 10:17, "Y M" <snort () outlook com> wrote:



The sig is provided/available at https://www.cert-bund.de/ebury-faq, near the end of the page.
 
YM
 
 
                                          
------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!