# sid:2006415 rev:4 -- QQHelper infection check-in, outbound HTTP (client to server).
# Fires on established flows from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose
# payload contains the bytes 0x35 0x70 (ASCII "5p") directly followed by
# "User-Agent: " (no CRLF between them) and then at least 115 alphanumeric
# characters; the pcre is not anchored at the end, so longer values also match.
# Compared with rev:3 on this page, the only change is the two reference:url options.
# NOTE(review): `nocase` applies only to the content match; the pcre has no /i
# flag, so the rule as a whole is effectively case-sensitive -- confirm this is intended.
# NOTE(review): the pcre has no R flag, so it is evaluated against the whole
# payload rather than relative to the content match.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN QQHelper Related User-Agent Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006415; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_QQHelper; sid:2006415; rev:4;)

Added 2009-02-13 19:30:24 UTC


# Repeated listing of sid:2006415 rev:4 (rule text and "Added" timestamp are
# identical to the first entry on this page). Matches "5p" + "User-Agent: " +
# at least 115 alphanumeric characters in client-to-server traffic.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN QQHelper Related User-Agent Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006415; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_QQHelper; sid:2006415; rev:4;)

Added 2009-02-13 19:30:24 UTC


# sid:2006415 rev:3 -- same detection logic as the later rev:4 (content "5p" +
# "User-Agent: " with nocase, then a case-sensitive pcre requiring at least 115
# alphanumeric characters), but without any reference: options.
# Compared with rev:2 on this page, only the msg text changed (the " --" was dropped).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN QQHelper Related User-Agent Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; sid:2006415; rev:3;)

Added 2008-06-06 20:49:01 UTC


# Repeated listing of sid:2006415 rev:3 (rule text and "Added" timestamp are
# identical to the preceding rev:3 entry). No reference: options at this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN QQHelper Related User-Agent Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; sid:2006415; rev:3;)

Added 2008-06-06 20:49:01 UTC


# sid:2006415 rev:2 -- msg prefix is "ET TROJAN" here, where rev:1 on this page
# uses "BLEEDING-EDGE TROJAN"; header, flow, content and pcre are the same as rev:1.
# Matches "5p" + "User-Agent: " + at least 115 alphanumeric characters in
# client-to-server traffic on established flows.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN QQHelper Related User-Agent -- Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; sid:2006415; rev:2;)

Added 2008-01-31 10:12:23 UTC


# Repeated listing of sid:2006415 rev:2 (rule text and "Added" timestamp are
# identical to the preceding rev:2 entry).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN QQHelper Related User-Agent -- Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; sid:2006415; rev:2;)

Added 2008-01-31 10:12:23 UTC


# sid:2006415 rev:1 -- earliest revision shown on this page, with the
# "BLEEDING-EDGE TROJAN" msg prefix. Alerts on established client-to-server flows
# from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose payload contains the bytes
# 0x35 0x70 (ASCII "5p") directly followed by "User-Agent: " and then at least
# 115 alphanumeric characters.
# NOTE(review): `nocase` covers only the content match; the pcre carries no /i
# flag, so the combined match is effectively case-sensitive.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN QQHelper Related User-Agent -- Infection Checkin"; flow:established,to_server; content:"|35 70|User-Agent\: "; nocase; pcre:"/\x35\x70User-Agent\: [a-zA-Z0-9]{115}/"; classtype:trojan-activity; sid:2006415; rev:1;)

Added 2007-07-20 02:45:36 UTC

From the Sandnet Analysis:

http://www.sophos.com/security/analyses/qqhelper.html

-- ShirkDog - 23 Aug 2007

