# sid 2008371, rev 6 (newest entry on this page).
# Fires on an established TCP session from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS when the payload:
#   - begins with "GET " (depth:4 pins the 4-byte match to byte 0),
#   - has "success" inside the 80-byte window that starts at offset 5 (case-sensitive),
#   - contains "User-Agent: NSISDL/1." anywhere; nocase modifies only this last content.
# The only change from the rev 5 entry further down is depth:4 on "GET " (rev 5 has depth:5).
# Triage: NSISDL is the User-Agent of the NSIS installer's download plugin, which legitimate installers
# also use, and the msg itself says "Likely"; check the destination host and full URI before escalating.
# Coverage: matches raw payload on $HTTP_PORTS only, and flow sets no to_server direction.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:4; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008371; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2008371; rev:6;)

Added 2009-03-13 20:47:16 UTC


# sid 2008371, rev 6, listed a second time with the same "Added" timestamp (2009-03-13 20:47:16 UTC).
# Payload must begin with "GET " (depth:4), carry "success" in the 80 bytes from offset 5, and contain
# "User-Agent: NSISDL/1." (nocase on that content only), on an established $HOME_NET -> $EXTERNAL_NET
# session to $HTTP_PORTS. Load only one copy: two active rules with the same sid conflict.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:4; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008371; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2008371; rev:6;)

Added 2009-03-13 20:47:16 UTC


# sid 2008371, rev 5 (superseded by rev 6).
# Same match logic as the rev 4 entries below, with two reference:url options added.
# "GET " uses depth:5, so the 4-byte match may start at byte 0 or byte 1 of the payload; the
# "success" window (offset:5, depth:80) and the nocase "User-Agent: NSISDL/1." match are unchanged.
# NSISDL is also sent by legitimate NSIS-based installers, so an alert needs host/URI context.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:5; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008371; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2008371; rev:5;)

Added 2009-02-09 22:22:08 UTC


# sid 2008371, rev 4 (superseded).
# Destination is $EXTERNAL_NET here; the rev 3 entries dated 2008-07-07 10:21:57 below use "any".
# Restricting to $EXTERNAL_NET stops the rule firing on HTTP traffic to internal servers.
# Matches "GET " within the first 5 payload bytes, "success" in the 80 bytes from offset 5, and a
# nocase "User-Agent: NSISDL/1."; this revision carries no reference options.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:5; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; sid:2008371; rev:4;)

Added 2008-07-23 10:00:23 UTC


# sid 2008371, rev 4, listed a second time with the same "Added" timestamp (2008-07-23 10:00:23 UTC).
# $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS, established flow; "GET " within the first 5 bytes,
# "success" in the 80 bytes from offset 5, nocase "User-Agent: NSISDL/1."; no reference options.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:5; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; sid:2008371; rev:4;)

Added 2008-07-23 10:00:23 UTC


# sid 2008371, rev 3 as saved 2008-07-07 10:21:57 UTC (superseded).
# Destination is "any", so this text also matches $HOME_NET clients talking to internal hosts on
# $HTTP_PORTS. Against the 09:38:10 entry at the bottom of the page it widens the User-Agent prefix
# from "NSISDL/1.2" to "NSISDL/1.", moves the "success" offset from 4 to 5, and uses depth:5 on "GET ".
# Both saves are labelled rev:3, so the rev number alone does not identify which text a sensor runs.
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:5; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; sid:2008371; rev:3;)

Added 2008-07-07 10:21:57 UTC


# sid 2008371, rev 3, listed a second time with the same "Added" timestamp (2008-07-07 10:21:57 UTC).
# $HOME_NET -> any on $HTTP_PORTS, established flow; "GET " within the first 5 bytes, "success" in
# the 80 bytes from offset 5, nocase "User-Agent: NSISDL/1."; the "any" destination includes internal hosts.
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established; content:"GET "; depth:5; content:"success"; offset:5; depth:80; content:"User-Agent\: NSISDL/1."; nocase; classtype: trojan-activity; sid:2008371; rev:3;)

Added 2008-07-07 10:21:57 UTC


# sid 2008371, rev 3 as saved 2008-07-07 09:38:10 UTC: the earliest text shown on this page.
# Narrowest User-Agent match in the history: "User-Agent: NSISDL/1.2" (nocase), so other 1.x
# versions of the NSIS download plugin would not match this text.
# "GET " must sit at byte 0 (depth:4); "success" is searched in the 80 bytes from offset 4.
# The msg lacks the "(success and NSISDL User-Agent)" suffix used by the later entries.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home"; flow: established; content:"GET "; depth:4; content:"success"; offset:4; depth:80; content:"User-Agent\: NSISDL/1.2"; nocase; classtype: trojan-activity; sid:2008371; rev:3;)

Added 2008-07-07 09:38:10 UTC


Topic revision: r1 - 2009-03-14 - TWikiGuest
 