alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent|3a| Mozila"; nocase; http_header; reference:url,doc.emergingthreats.net/bin/view/Main/2008210; classtype:trojan-activity; sid:2008210; rev:6;)

Added 2011-12-15 18:09:36 UTC

False Positive: LG TVs (Model: 55LW5600-UA) have a misspelled User-Agent "Mozila". See pcap.

-- RobFisher - 12 Jun 2012

Hello. We also have an FP.

PCAP:

GET /fts/gftsDownload.lge?biz_code=APP_STORE&func_code=APP_ICON&file_path=/appstore/app/icon/20170203/16911320.png HTTP/1.1
Host: ngfts.lge.com
Accept: /
User-Agent:Mozila/4.0

More information at http://co.lgappstv.com.hypestat.com/

Thank you

-- MaksymParpaley - 2017-03-09
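
A triage sketch for the false positives reported above, as an added example that is not part of the rule or of either comment: it approximates the rev 6 content match on the request headers and labels hits whose Host falls under the LG domain seen in the report. The sample requests, the `lge.com` suffix list, the label names and the function names are assumptions made for illustration.

```python
import re

# Approximates rev 6: content:"User-Agent|3a| Mozila"; nocase; http_header;
SIG_CONTENT = re.compile(rb"User-Agent: Mozila", re.IGNORECASE)

# Assumption: suffix derived from the Host header in the report above.
KNOWN_FP_HOST_SUFFIXES = (b"lge.com",)


def header_block(raw_request: bytes) -> bytes:
    """Return the header lines only (no request line, no body)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    return head.partition(b"\r\n")[2]


def host_of(headers: bytes) -> bytes:
    """Return the lower-cased Host header value, or b'' if absent."""
    for line in headers.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().lower()
    return b""


def triage(raw_request: bytes) -> str:
    """Classify one request as 'no-match', 'likely-fp' or 'alert'."""
    headers = header_block(raw_request)
    if not SIG_CONTENT.search(headers):
        return "no-match"
    host = host_of(headers)
    # Host is client-supplied: treat this as a triage label and confirm the
    # source address is a known TV before tuning the rule for it.
    if any(host == s or host.endswith(b"." + s) for s in KNOWN_FP_HOST_SUFFIXES):
        return "likely-fp"
    return "alert"


# Constructed sample requests (not taken from the attached pcap).
SAMPLES = {
    "lg_tv": b"GET /fts/gftsDownload.lge?biz_code=APP_STORE HTTP/1.1\r\n"
             b"Host: ngfts.lge.com\r\nUser-Agent: Mozila/4.0\r\n\r\n",
    "unknown": b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n"
               b"User-Agent: mozila/5.0\r\n\r\n",
    "browser": b"GET / HTTP/1.1\r\nHost: example.com\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n",
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(f"{name}: {triage(request)}")
```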


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent|3a| Mozila"; nocase; http_header; reference:url,doc.emergingthreats.net/bin/view/Main/2008210; classtype:trojan-activity; sid:2008210; rev:6;)

Added 2011-10-12 19:24:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent|3a| Mozila"; nocase; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008210; sid:2008210; rev:6;)

Added 2011-09-14 22:38:07 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent|3a| Mozila"; nocase; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008210; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious; sid:2008210; rev:6;)

Added 2011-02-04 17:27:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent\: Mozila"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008210; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious; sid:2008210; rev:4;)

Added 2009-10-19 09:15:44 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent\: Mozila"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008210; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2008210; rev:2;)

Added 2009-02-09 22:22:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila)"; flow:to_server,established; content:"User-Agent\: Mozila"; nocase; classtype:trojan-activity; sid:2008210; rev:1;)

Added 2008-05-13 08:55:03 UTC


Topic attachments

| Attachment | Size | Date | Who | Comment |
|---|---|---|---|---|
| LG-user-agent-Mozila.pcap | 0.7 K | 2012-06-12 - 15:42 | RobFisher | LG TV user agent "mozila" pcap. |

Topic revision: r3 - 2017-03-09 - MaksymParpaley
 