alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; content:".php?"; http_uri; content:"c="; http_uri; content:"&v="; http_uri; content:"&b="; http_uri; content:"&id="; http_uri; content:"&cnt="; http_uri; fast_pattern; content:"&q="; http_uri; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d; reference:url,doc.emergingthreats.net/2007743; classtype:trojan-activity; sid:2007743; rev:10; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:00:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; content:".php?"; http_uri; content:"c="; http_uri; content:"&v="; http_uri; content:"&b="; http_uri; content:"&id="; http_uri; content:"&cnt="; http_uri; fast_pattern:only; content:"&q="; http_uri; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d; reference:url,doc.emergingthreats.net/2007743; classtype:trojan-activity; sid:2007743; rev:8;)

Added 2011-10-12 19:23:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; content:".php?"; http_uri; content:"c="; http_uri; content:"&v="; http_uri; content:"&b="; http_uri; content:"&id="; http_uri; content:"&cnt="; http_uri; fast_pattern:only; content:"&q="; http_uri; classtype:trojan-activity; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d; reference:url,doc.emergingthreats.net/2007743; sid:2007743; rev:8;)

Added 2011-09-14 22:37:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; content:".php?"; http_uri; content:"c="; http_uri; content:"&v="; http_uri; content:"&b="; http_uri; content:"&id="; http_uri; content:"&cnt="; http_uri; fast_pattern:only; content:"&q="; http_uri; classtype:trojan-activity; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d; reference:url,doc.emergingthreats.net/2007743; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers; sid:2007743; rev:8;)

Added 2011-02-04 17:26:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d; reference:url,doc.emergingthreats.net/2007743; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers; sid:2007743; rev:4;)

Added 2010-02-08 10:47:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d; reference:url,doc.emergingthreats.net/2007743; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers; sid:2007743; rev:4;)

Added 2010-02-08 10:47:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007743; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers; sid:2007743; rev:3;)

Added 2009-02-12 18:21:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2007743; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers; sid:2007743; rev:3;)

Added 2009-02-12 18:21:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:2;)

Added 2008-01-31 10:12:22 UTC

sample: # http://searchmeup.biz/img/cmd.php?c=r&v=22&b=3024&id=9F78159&cnt=ENU&q=218F5E

more details on this threat at http://www.threatexpert.com/report.aspx?md5=d1f39ac457f2cadd279136f66bc0810c

-- RussellFulton - 09 Dec 2008


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:2;)

Added 2008-01-31 10:12:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:1;)

Added 2008-01-09 17:42:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:1;)

Added 2008-01-09 15:15:19 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:1;)

Added 2008-01-08 20:25:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:1;)

Added 2008-01-08 17:58:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Dialer.qn HTTP Request - Checkin"; flow:established,to_server; uricontent:".php?"; uricontent:"c="; uricontent:"&v="; uricontent:"&b="; uricontent:"&id="; uricontent:"&cnt="; uricontent:"&q="; classtype:trojan-activity; sid:2007743; rev:1;)

Added 2008-01-08 17:58:06 UTC


Topic revision: r2 - 2008-12-09 - RussellFulton
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats