alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent|3a| DNS Extractor"; nocase; http_header; reference:url,doc.emergingthreats.net/2003567; classtype:trojan-activity; sid:2003567; rev:8;)

Added 2011-12-16 18:53:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent|3a| DNS Extractor"; nocase; http_header; reference:url,doc.emergingthreats.net/2003567; classtype:trojan-activity; sid:2003567; rev:8;)

Added 2011-10-12 19:13:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent|3a| DNS Extractor"; nocase; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:8;)

Added 2011-09-14 22:26:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent|3a| DNS Extractor"; nocase; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Winfix; sid:2003567; rev:8;)

Added 2011-02-04 17:22:33 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Winfix; sid:2003567; rev:6;)

Added 2009-11-25 11:39:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Winfix; sid:2003567; rev:6;)

Added 2009-11-25 11:39:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2003567; rev:4;)

Added 2009-02-09 21:30:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2003567; rev:4;)

Added 2009-02-09 21:30:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2003567; rev:4;)

Added 2009-02-09 21:29:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2003567; rev:4;)

Added 2009-02-09 21:29:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:3;)

Added 2008-01-28 17:24:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:3;)

Added 2008-01-28 17:24:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:2;)

Added 2008-01-09 17:42:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:2;)

Added 2008-01-09 17:42:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:2;)

Added 2008-01-09 15:15:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:2;)

Added 2008-01-09 15:15:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:2;)

Added 2008-01-08 20:25:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2003567; sid:2003567; rev:2;)

Added 2008-01-08 20:25:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor)"; flow:to_server,established; content:"User-Agent\: DNS Extractor"; nocase; classtype:trojan-activity; reference:url,doc.bleedingthreats.net/2003567; sid:2003567; rev:1;)

Added 2007-04-12 16:30:20 UTC


Topic revision: r1 - 2011-12-16 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats