MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.
MALWARE-BACKDOOR GateCrasher
This event is generated when network traffic indicating the use of the Gatecrasher trojan horse is detected. Impact: Possible theft of data and passwords. Details: The Trojan changes system registry settings to add the Gatecrasher server to programs normally started on boot. Due to the nature of this Trojan it is unlikely that the attacker's client IP address has been spoofed. Ease of Attack: This is Trojan activity, the target machine may already be compromised. Updated virus definition files are essential in detecting this Trojan. The Trojan server is named system.exe
No information provided
No public information
No known false positives
Original rule written by Max Vision <vision@whitehats.com> Cisco Talos Nigel Houghton
No rule groups
None
No information provided
None