# sid 2006377 rev 6 (with metadata): alerts on an established, client-to-server HTTP
# request from $HOME_NET to $EXTERNAL_NET whose URI contains all four substrings
# "?m=", "&a=", "&hdd=" and "&os=" (each matched case-insensitively in the URI buffer).
# The `http` protocol keyword with "any" ports means the match does not depend on
# $HTTP_PORTS; it relies on the engine's HTTP app-layer detection instead.
# NOTE(review): the four content matches have no distance/within or ordering constraint,
# and the "CnC?" in msg marks the attribution as tentative. Triage hits against the
# destination host and full URI before treating them as confirmed.
# NOTE(review): parameter names suggest a host-profile check-in (disk/OS); this is
# inferred from the names only, confirm against the referenced write-up.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Downloader.Win32.Agent.bwr CnC? Beacon"; flow:established,to_server; content:"?m="; nocase; http_uri; content:"&a="; nocase; http_uri; content:"&hdd="; nocase; http_uri; content:"&os="; nocase; http_uri; reference:url,doc.emergingthreats.net/2006377; classtype:trojan-activity; sid:2006377; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:59:35 UTC


# sid 2006377 rev 6 without the metadata option: same header and same four
# case-insensitive URI substring matches ("?m=", "&a=", "&hdd=", "&os=") on
# established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET, any port.
# NOTE(review): the substrings are short and unordered; all four must be present,
# but a benign URI that happens to carry these parameters would also match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Downloader.Win32.Agent.bwr CnC? Beacon"; flow:established,to_server; content:"?m="; nocase; http_uri; content:"&a="; nocase; http_uri; content:"&hdd="; nocase; http_uri; content:"&os="; nocase; http_uri; reference:url,doc.emergingthreats.net/2006377; classtype:trojan-activity; sid:2006377; rev:6;)

Added 2015-06-26 17:13:02 UTC


# sid 2006377 rev 4: `alert tcp` form restricted to destination ports in $HTTP_PORTS.
# Matches established client-to-server traffic whose HTTP URI contains "?m=", "&a=",
# "&hdd=" and "&os=" (content + http_uri modifier, case-insensitive).
# Coverage caveat: a request to a port outside $HTTP_PORTS is not inspected by this
# revision, so the variable must include every port on which outbound HTTP is allowed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; content:"?m="; nocase; http_uri; content:"&a="; nocase; http_uri; content:"&hdd="; nocase; http_uri; content:"&os="; nocase; http_uri; reference:url,doc.emergingthreats.net/2006377; classtype:trojan-activity; sid:2006377; rev:4;)

Added 2011-10-12 19:20:36 UTC


# sid 2006377 rev 4, earlier snapshot: identical detection options to the other rev 4
# text (four case-insensitive http_uri content matches on established to_server
# traffic to $HTTP_PORTS); only the position of classtype relative to reference differs.
# The rev number is unchanged, so rev alone does not distinguish these snapshots.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; content:"?m="; nocase; http_uri; content:"&a="; nocase; http_uri; content:"&hdd="; nocase; http_uri; content:"&os="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006377; sid:2006377; rev:4;)

Added 2011-09-14 22:34:09 UTC


# sid 2006377 rev 4, snapshot that still carries the cvsweb reference URL in addition
# to the doc.emergingthreats.net one. Detection logic: established client-to-server
# TCP to $HTTP_PORTS with "?m=", "&a=", "&hdd=" and "&os=" all present in the HTTP URI
# (case-insensitive). References are informational and do not affect matching.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; content:"?m="; nocase; http_uri; content:"&a="; nocase; http_uri; content:"&hdd="; nocase; http_uri; content:"&os="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006377; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2006377; rev:4;)

Added 2011-02-04 17:25:19 UTC


# sid 2006377 rev 3: uses the legacy `uricontent` keyword (match against the
# normalized request URI) instead of content + http_uri. Requires "?m=", "&a=",
# "&hdd=" and "&os=" in the URI, case-insensitive, on established to_server traffic
# to $HTTP_PORTS. This revision adds the two reference URLs.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; uricontent:"?m="; nocase; uricontent:"&a="; nocase; uricontent:"&hdd="; nocase; uricontent:"&os="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006377; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2006377; rev:3;)

Added 2009-02-12 18:21:15 UTC


# sid 2006377 rev 3 (listed twice in this history with the same timestamp): four
# case-insensitive `uricontent` matches ("?m=", "&a=", "&hdd=", "&os=") on
# established client-to-server traffic from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; uricontent:"?m="; nocase; uricontent:"&a="; nocase; uricontent:"&hdd="; nocase; uricontent:"&os="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006377; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2006377; rev:3;)

Added 2009-02-12 18:21:15 UTC


# sid 2006377 rev 2: msg prefix is "ET TROJAN"; no reference options yet.
# Detection is four case-insensitive `uricontent` matches ("?m=", "&a=", "&hdd=",
# "&os=") on established to_server traffic to $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; uricontent:"?m="; nocase; uricontent:"&a="; nocase; uricontent:"&hdd="; nocase; uricontent:"&os="; nocase; classtype:trojan-activity; sid:2006377; rev:2;)

Added 2008-01-31 10:12:23 UTC


# sid 2006377 rev 2 (listed twice in this history with the same timestamp):
# all of "?m=", "&a=", "&hdd=" and "&os=" must appear in the request URI
# (`uricontent`, nocase) on established to_server traffic to $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; uricontent:"?m="; nocase; uricontent:"&a="; nocase; uricontent:"&hdd="; nocase; uricontent:"&os="; nocase; classtype:trojan-activity; sid:2006377; rev:2;)

Added 2008-01-31 10:12:23 UTC


# NOTE(review): this entry is a different detection filed under the same sid 2006377,
# rev 1. It matches a User-Agent header line containing "AskPBar" (Ask.com toolbar),
# not the Agent.bwr URI parameters. It looks like a sid collision or a mis-filed
# history entry; confirm before relying on sid 2006377 rev 1 alerts from old sensors.
# Logic: a case-insensitive "User-Agent:" content match anywhere in the payload, then
# a pcre requiring "AskPBar" later on that same line ([^\n]+ does not cross a newline).
# Neither match is bound to the HTTP header buffer.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Ask.com Toolbar/Spyware User Agent"; flow:established,to_server; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+AskPBar/i"; classtype: trojan-activity; sid: 2006377; rev:1;)

Added 2007-07-06 14:30:45 UTC

Detects the Downloader.Win32.Agent.bwr Trojan when installed. Reference: Sunbelt Software.

-- ShirkDog? - 30 Jul 2007


# sid 2006377 rev 1: the original "BLEEDING-EDGE TROJAN" form of the Agent.bwr rule.
# Same detection as the later uricontent revisions: "?m=", "&a=", "&hdd=" and "&os="
# must all appear in the request URI (nocase) on established to_server traffic from
# $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Downloader.Win32.Agent.bwr"; flow:established,to_server; uricontent:"?m="; nocase; uricontent:"&a="; nocase; uricontent:"&hdd="; nocase; uricontent:"&os="; nocase; classtype:trojan-activity; sid:2006377; rev:1;)

Added 2007-07-06 14:17:11 UTC


Topic revision: r2 - 2007-07-30 - ShirkDog?
 