alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SideStep? Bar Autoupdate"; flow: to_server,established; uricontent:"/autoupd/rel"; nocase; pcre:"/Host\:/sstart\d+.sidestep.com/i"; reference:url,www.sidestep.com; reference:url,www.spyany.com/program/article_spw_rm_SideStep.html; classtype: policy-violation; sid: 2001019; rev:8;)

Added 2008-01-28 17:24:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SideStep? Bar Autoupdate"; flow: to_server,established; uricontent:"/autoupd/rel"; nocase; pcre:"/Host\:/sstart\d+.sidestep.com/i"; reference:url,www.sidestep.com; reference:url,www.spyany.com/program/article_spw_rm_SideStep.html; classtype: policy-violation; sid: 2001019; rev:8;)

Added 2008-01-28 17:24:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware SideStep? Bar Autoupdate"; flow: to_server,established; uricontent:"/autoupd/rel"; nocase; pcre:"/Host\:/sstart\d+.sidestep.com/i"; reference:url,www.sidestep.com; reference:url,www.spyany.com/program/article_spw_rm_SideStep.html; classtype: policy-violation; sid: 2001019; rev:7;)



Topic revision: r1 - 2008-01-28 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats