alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 21:34:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 21:34:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 21:30:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 21:30:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 21:29:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 21:29:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 19:00:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008741; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_PDF_Malware; sid:2008741; rev:2;)

Added 2009-02-06 19:00:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; sid:2008741; rev:1;)

Added 2008-11-08 20:06:45 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin"; flow:established,to_server; uricontent:"/get.php?src="; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?.5)"; classtype:trojan-activity; sid:2008741; rev:1;)

Added 2008-11-08 20:04:09 UTC


Topic revision: r1 - 2009-02-07 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats