alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Grandstreet Interactive Spyware User Agent Activity (2)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+wupdsnff\.exe/i"; classtype: trojan-activity; sid: 2002014; rev:22;)

Added 2008-02-01 14:32:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Grandstreet Interactive Spyware User Agent Activity (2)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+wupdsnff\.exe/i"; classtype: trojan-activity; sid: 2002014; rev:22;)

Added 2008-02-01 14:32:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Malware Grandstreet Interactive Spyware User Agent Activity (2)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+wupdsnff\.exe/i"; classtype: trojan-activity; sid: 2002014; rev:11;)

Added 2008-01-28 17:24:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Malware Grandstreet Interactive Spyware User Agent Activity (2)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+wupdsnff\.exe/i"; classtype: trojan-activity; sid: 2002014; rev:11;)

Added 2008-01-28 17:24:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware Grandstreet Interactive Spyware User Agent Activity (2)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+wupdsnff\.exe/i"; classtype: trojan-activity; sid: 2002014; rev:10;)



Topic revision: r1 - 2008-02-01 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats