# AWSTATS WORMS DATABASE
#-----------------------------------------------------------------------------
# If you want to add worms to extend AWStats database detection capabilities,
# you must add an entry in WormsSearchIDOrder, WormsHashID and WormsHashLib.
#-----------------------------------------------------------------------------
#package AWSWORMS;
# WormsSearchIDOrder
# This list is used to know in which order to search Worm IDs.
# This array holds the worm matching criteria looked for in URLs submitted
# to the web server. The IDs are not case sensitive.
#-----------------------------------------------------------------------------
# Ordered worm signatures; position in this list is the search order.
# Every entry has its metacharacters backslash-escaped, so the strings look
# like regex fragments rather than literal paths. How the caller applies them
# (anchoring, case folding) is not visible in this file.
# NOTE(review): 'root\.exe' and 'admin\.dll' have no leading '\/'; if they are
# applied unanchored they match those names anywhere in a URL, which can
# inflate the worm count - confirm against the matching code.
# A hit only shows that such a URL was requested, not that the request
# succeeded.
@WormsSearchIDOrder = (
    '\/default\.ida',                      # code_red in %WormsHashID
    '\/null\.idq',                         # code_red
    'exe\?\/c\+dir',                       # nimda
    'root\.exe',                           # nimda
    'admin\.dll',                          # nimda
    '\/nsiislog\.dll',                     # mpex
    '\/sumthin',                           # sumthin
    '\/winnt\/system32\/cmd\.exe',         # nimda
    '\/_vti_inf\.html',                    # unknown
    '\/_vti_bin\/shtml\.exe\/_vti_rpc',    # unknown
);
# WormsHashID
# Each worm search ID is associated with a string that is the unique name of the worm.
#-----------------------------------------------------------------------------
# Signature => worm ID.
# The keys mirror the entries of @WormsSearchIDOrder one for one, and the
# values are the IDs used as keys in %WormsHashLib and %WormsHashTarget.
# Presumably the lookup is by exact string, so a signature added to the order
# list needs an identical key here - verify against the caller.
# Entries are grouped by worm ID; hash order carries no meaning.
%WormsHashID = (
    # Code Red family
    '\/default\.ida'                   => 'code_red',
    '\/null\.idq'                      => 'code_red',

    # Nimda family
    'exe\?\/c\+dir'                    => 'nimda',
    'root\.exe'                        => 'nimda',
    'admin\.dll'                       => 'nimda',
    '\/winnt\/system32\/cmd\.exe'      => 'nimda',

    # Other named signatures
    '\/nsiislog\.dll'                  => 'mpex',
    '\/sumthin'                        => 'sumthin',

    # Not attributed to a named worm.
    # NOTE(review): both paths are also fetched by FrontPage-style authoring
    # clients, so 'unknown' hits may include benign traffic - confirm before
    # treating them as hostile.
    '\/_vti_inf\.html'                 => 'unknown',
    '\/_vti_bin\/shtml\.exe\/_vti_rpc' => 'unknown',

    # Deliberately left out (kept here as a record of known false positives):
    #'/MSOffice/cltreq.asp' # Not a worm, a check by IE to see if discussion bar is turned on
    #'/_vti_bin/owssrv.dll' # Not a worm, a check by IE to see if discussion bar is turned on
);
# WormsHashLib
# Worms name list ('worm unique id in lower case','worm clear text')
# Each unique ID string is associated with a label
#-----------------------------------------------------------------------------
# Worm ID => display label.
# The keys are the lower-case IDs that appear as values in %WormsHashID.
# 'unknown' labels signatures that %WormsHashID does not attribute to a
# named worm.
%WormsHashLib = (
    'code_red' => 'Code Red family worm',
    'mpex'     => 'IIS Exploit worm',
    'nimda'    => 'Nimda family worm',
    'sumthin'  => 'Sumthin worm',
    'unknown'  => 'Unknown worm',
);
# WormsHashTarget
# Worms target list ('worm unique id in lower case','worm target clear text')
# Each unique ID string is associated with a target
#-----------------------------------------------------------------------------
# Worm ID => targeted product, as display text.
# This table uses the same keys as %WormsHashLib.
# NOTE(review): the file header names only WormsSearchIDOrder, WormsHashID and
# WormsHashLib as tables to extend. A new worm ID presumably needs a row here
# as well, otherwise its target would be undefined - confirm how the caller
# handles a missing key.
%WormsHashTarget = (
    'code_red' => 'IIS',
    'mpex'     => 'IIS',
    'nimda'    => 'IIS',
    'sumthin'  => '?',             # no target recorded for this signature
    'unknown'  => 'MS products',
);

# Final statement: the conventional true value for a file loaded with
# require/do.
1;