### Virus pattern
# Virus name \t pattern (regexp)
Nimda	cmd.exe\?/c\+dir|root.exe?/c\+dir
Code Red	/default.ida\?NNN
Code Red II	/default.ida\?XXX
Sadmin	cmd.exe \/c\+|root.exe \/c\+echo\+
SMTP connection	(\w+)\.(\w+):25
PHPMyAdmin	/phpMyAdmin//config/config.inc.php?c=wget
Zen Cart	autoLoadConfig\[999\]\[0\]\[loadFile\]\=
Irokez blog	/modules/tml/block.tag.php?GLOBALS\[PTH\]\[classes\]\=
PHP DOCUMENT_ROOT	SERVER\[DOCUMENT_ROOT\]\=
rootdir	rootdir\=
Password Hack	/etc/passwd
Connect	CONNECT\ \[
Joomla RFI	 ?option=com_myblog\&Itemid=12\&task=
FrontAccounting	/config.php?path_to_root\=
