alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Password Stealer - User-Agent (Ucheck)"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Opera/9.10"; http_header; content:"|3b| Ucheck"; http_header; fast_pattern; pcre:"/User-Agent\x3a[^\n]+\x3b\sUcheck/Hmi"; reference:url,doc.emergingthreats.net/2009081; classtype:trojan-activity; sid:2009081; rev:5;)

Added 2011-10-12 19:26:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Password Stealer - User-Agent (Ucheck)"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Opera/9.10"; http_header; content:"|3b| Ucheck"; http_header; fast_pattern; pcre:"/User-Agent\x3a[^\n]+\x3b\sUcheck/Hmi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009081; sid:2009081; rev:5;)

Added 2011-09-14 22:39:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Password Stealer - User-Agent (Ucheck)"; flow:established,to_server; content:"User-Agent|3a| "; http_header; content:"Opera/9.10"; http_header; content:"|3b| Ucheck"; http_header; fast_pattern; pcre:"/User-Agent\x3a[^\n]+\x3b\sUcheck/Hmi"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009081; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Password_Stealer; sid:2009081; rev:5;)

Added 2011-02-04 17:28:20 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Password Stealer - User-Agent (Ucheck)"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Opera/9.10"; distance:0; content:"\; Ucheck"; pcre:"/User-Agent\:[^\n]+\;\sUcheck/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009081; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Password_Stealer; sid:2009081; rev:2;)

Added 2009-02-13 19:30:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Password Stealer - User-Agent (Ucheck)"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Opera/9.10"; distance:0; content:"\; Ucheck"; pcre:"/User-Agent\:[^\n]+\;\sUcheck/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009081; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Password_Stealer; sid:2009081; rev:2;)

Added 2009-02-13 19:30:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Password Stealer - User-Agent (Ucheck)"; flow:established,to_server; content:"|0d 0a|User-Agent\: "; content:"Opera/9.10"; distance:0; content:"\; Ucheck"; pcre:"/User-Agent\:[^\n]+\;\sUcheck/"; classtype:trojan-activity; sid:2009081; rev:1;)

Added 2009-02-10 12:55:55 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats