# sid 2008351, rev 3 - newest entry on this page (listed as "Added 2011-10-12").
# Fires on a client-to-server request in an established TCP flow from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS whose URI contains "/friendship/email_thank_you.php?"
# and all eight listed parameter names.
# Each content is a case-insensitive (nocase) substring match on the URI buffer (http_uri).
# None has distance/within/offset, so the parameters may appear in any order.
# Triage: classtype is policy-violation, but the msg says these requests are often trojan
# install reports, so an alert is a reason to examine the source host itself.
# The parameter names (user_email, friend_contact, ...) suggest the query string carries
# personal data - handle captured URIs accordingly.
# Coverage: only destination ports in $HTTP_PORTS are inspected; the same request sent to
# any other port does not match this rule.
# NOTE(review): "ICP" in msg is presumably a typo for "ICQ" (the URI has user_uin and older
# revisions reference POLICY_IM_ICQ) - confirm before editing, msg text may be keyed on downstream.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports"; flow:established,to_server; content:"/friendship/email_thank_you.php?"; http_uri; nocase; content:"folder_id="; http_uri; nocase; content:"&params_count="; http_uri; nocase; content:"&nick_name="; http_uri; nocase; content:"&user_email="; http_uri; nocase; content:"&user_uin="; http_uri; nocase; content:"&friend_nickname="; http_uri; nocase; content:"&friend_contact="; http_uri; nocase; reference:url,doc.emergingthreats.net/2008351; classtype:policy-violation; sid:2008351; rev:3;)

Added 2011-10-12 19:24:57 UTC


# sid 2008351, rev 3 - entry listed as "Added 2011-09-14".
# Same header, flow and eight case-insensitive URI content matches as the 2011-10-12 entry.
# The only textual difference is that classtype precedes reference here, which changes
# rule metadata order and not what is matched.
# The rev number is unchanged between the two entries, so rev alone does not distinguish
# them when comparing deployed rule text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports"; flow:established,to_server; content:"/friendship/email_thank_you.php?"; http_uri; nocase; content:"folder_id="; http_uri; nocase; content:"&params_count="; http_uri; nocase; content:"&nick_name="; http_uri; nocase; content:"&user_email="; http_uri; nocase; content:"&user_uin="; http_uri; nocase; content:"&friend_nickname="; http_uri; nocase; content:"&friend_contact="; http_uri; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008351; sid:2008351; rev:3;)

Added 2011-09-14 22:38:24 UTC


# sid 2008351, rev 3 - entry listed as "Added 2011-02-04".
# Earliest entry on this page that writes the URI matches as content + http_uri; the rev 2
# entries use uricontent for the same eight strings.
# It still carries the second reference (cvsweb path .../POLICY/POLICY_IM_ICQ), which the
# later rev 3 entries no longer have. That path ties the rule to the ICQ policy rule set.
# The content matches are case-insensitive and have no relative modifiers, so they are
# order-independent.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports"; flow:established,to_server; content:"/friendship/email_thank_you.php?"; http_uri; nocase; content:"folder_id="; http_uri; nocase; content:"&params_count="; http_uri; nocase; content:"&nick_name="; http_uri; nocase; content:"&user_email="; http_uri; nocase; content:"&user_uin="; http_uri; nocase; content:"&friend_nickname="; http_uri; nocase; content:"&friend_contact="; http_uri; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008351; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_ICQ; sid:2008351; rev:3;)

Added 2011-02-04 17:27:30 UTC


# sid 2008351, rev 2 - entry listed as "Added 2009-02-11".
# Uses uricontent, the legacy keyword for matching the URI, with nocase on each of the
# eight strings (the path plus seven "&name=" parameters and "folder_id=").
# Compared with rev 1, the rule text gains the two reference options; the header, flow and
# matched strings are the same.
# Kept for history: an engine that no longer accepts uricontent needs the rev 3 form.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports"; flow:established,to_server; uricontent:"/friendship/email_thank_you.php?"; nocase; uricontent:"folder_id="; nocase; uricontent:"&params_count="; nocase; uricontent:"&nick_name="; nocase; uricontent:"&user_email="; nocase; uricontent:"&user_uin="; nocase; uricontent:"&friend_nickname="; nocase; uricontent:"&friend_contact="; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008351; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_ICQ; sid:2008351; rev:2;)

Added 2009-02-11 19:15:23 UTC


# sid 2008351, rev 2 - second entry with the same "Added 2009-02-11 19:15:23" timestamp.
# The rule text is identical to the other rev 2 entry on this page, so this looks like a
# duplicate history record and not a separate change.
# It matches the path and eight parameter names in the URI via uricontent + nocase.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports"; flow:established,to_server; uricontent:"/friendship/email_thank_you.php?"; nocase; uricontent:"folder_id="; nocase; uricontent:"&params_count="; nocase; uricontent:"&nick_name="; nocase; uricontent:"&user_email="; nocase; uricontent:"&user_uin="; nocase; uricontent:"&friend_nickname="; nocase; uricontent:"&friend_contact="; nocase; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008351; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_IM_ICQ; sid:2008351; rev:2;)

Added 2009-02-11 19:15:23 UTC


# sid 2008351, rev 1 - oldest entry on this page (listed as "Added 2008-06-26").
# Original form of the rule: outbound ($HOME_NET -> $EXTERNAL_NET, $HTTP_PORTS), established
# flow to the server, URI must contain "/friendship/email_thank_you.php?" and the eight
# parameter names, all matched case-insensitively with uricontent.
# It has no reference options; later revisions add them without changing the matched strings.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports"; flow:established,to_server; uricontent:"/friendship/email_thank_you.php?"; nocase; uricontent:"folder_id="; nocase; uricontent:"&params_count="; nocase; uricontent:"&nick_name="; nocase; uricontent:"&user_email="; nocase; uricontent:"&user_uin="; nocase; uricontent:"&friend_nickname="; nocase; uricontent:"&friend_contact="; nocase; classtype:policy-violation; sid:2008351; rev:1;)

Added 2008-06-26 11:29:52 UTC

