#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; content:".exe"; nocase; http_uri; pcre:"/(gif|car(d|tao)|jpe?g)\.exe$/Ui"; reference:url,doc.emergingthreats.net/2006434; classtype:trojan-activity; sid:2006434; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:59:38 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; content:".exe"; nocase; http_uri; pcre:"/(gif|car(d|tao)|jpe?g)\.exe$/Ui"; reference:url,doc.emergingthreats.net/2006434; classtype:trojan-activity; sid:2006434; rev:8;)

Added 2011-10-12 19:20:43 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; content:".exe"; nocase; http_uri; pcre:"/(gif|car(d|tao)|jpe?g)\.exe$/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006434; sid:2006434; rev:8;)

Added 2011-09-14 22:34:15 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; content:".exe"; nocase; http_uri; pcre:"/(gif|car(d|tao)|jpe?g)\.exe$/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006434; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_EXE_HTTP; sid:2006434; rev:8;)

Added 2011-02-04 17:25:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe$/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006434; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_EXE_HTTP; sid:2006434; rev:6;)

Added 2010-01-08 09:45:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe$/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006434; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_EXE_HTTP; sid:2006434; rev:6;)

Added 2010-01-08 09:45:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006434; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_EXE_HTTP; sid:2006434; rev:5;)

Added 2009-02-11 19:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006434; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_EXE_HTTP; sid:2006434; rev:5;)

Added 2009-02-11 19:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; sid:2006434; rev:4;)

Added 2008-01-31 18:48:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; sid:2006434; rev:4;)

Added 2008-01-31 18:48:09 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/(card|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; sid:2006434; rev:3;)

Added 2007-08-01 23:00:53 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/\/(card|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; sid:2006434; rev:2;)

Added 2007-07-30 03:42:33 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE POLICY Possible Ecard Trojan download"; flow:established,to_server; uricontent:".exe"; nocase; pcre:"/\/(ecard|postcard|gif|jpg|jpeg|cartao)\.exe/Ui"; classtype:trojan-activity; sid:2006434; rev:1;)

Added 2007-07-27 03:12:10 UTC

Should catch the storm worm and related downloads.

-- MattJonkman - 27 Jul 2007


Topic revision: r2 - 2007-07-27 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats