alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET"; nocase; http_method; content:"hash?http"; nocase; http_uri; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; reference:url,doc.emergingthreats.net/2007566; classtype:trojan-activity; sid:2007566; rev:7;)

Added 2011-10-12 19:23:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET"; nocase; http_method; content:"hash?http"; nocase; http_uri; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007566; sid:2007566; rev:7;)

Added 2011-09-14 22:36:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET"; nocase; http_method; content:"hash?http"; nocase; http_uri; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007566; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_MisleadApp; sid:2007566; rev:7;)

Added 2011-02-04 17:26:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007566; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_MisleadApp; sid:2007566; rev:4;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007566; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_MisleadApp; sid:2007566; rev:4;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; sid:2007566; rev:3;)

Added 2008-06-26 12:27:02 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; sid:2007566; rev:3;)

Added 2008-06-26 12:27:02 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; nocase; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; sid:2007566; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; nocase; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; sid:2007566; rev:2;)

Added 2008-01-31 10:12:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; nocase; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; sid:2007566; rev: 1;)

Added 2007-08-29 09:46:50 UTC

http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-061114-0840-99

-- ShirkDog? - 29 Aug 2007


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN MisleadApp? Fake Security Product Install"; flow:established,to_server; content:"GET "; depth:4; nocase; uricontent:"hash?http"; nocase; pcre:"/\/(ucleaner|udefender|ufixer)\.com\/demo\.php\?/Ui"; classtype:trojan-activity; sid:2007566; rev: 1;)

Added 2007-08-15 05:06:51 UTC


Topic revision: r3 - 2007-08-29 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats