#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; content:"/internal/"; http_uri; content:"prodID=nl&licID="; http_uri; content:"&prodVer="; http_uri; content:"Host|3A| www.newsleecher.com"; http_header; reference:url,doc.emergingthreats.net/2009095; classtype:policy-violation; sid:2009095; rev:3;)

Added 2011-10-12 19:26:37 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; content:"/internal/"; http_uri; content:"prodID=nl&licID="; http_uri; content:"&prodVer="; http_uri; content:"Host|3A| www.newsleecher.com"; http_header; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009095; sid:2009095; rev:3;)

Added 2011-09-14 22:39:59 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; content:"/internal/"; http_uri; content:"prodID=nl&licID="; http_uri; content:"&prodVer="; http_uri; content:"Host|3A| www.newsleecher.com"; http_header; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Newzbin; sid:2009095; rev:3;)

Added 2011-02-04 17:28:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; uricontent:"/internal/internal_loader.v2.php?"; uricontent:"prodID=nl&licID="; uricontent:"&prodVer="; content:"|0d 0a|Host|3A| www.newsleecher.com"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Newzbin; sid:2009095; rev:2;)

Added 2009-04-06 13:22:13 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zbot/Zeus Dropper Infection - /check"; flow:established,to_server; uricontent:"/check"; content:"|0d 0a|User-Agent\: Microsoft Internet Explorer|0d 0a|"; content:"|0d 0a|Cache-Control\: no-cache|0d 0a|"; within:30; classtype:trojan-activity; sid:2009095; rev:1;)

Added 2009-04-06 13:12:50 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; uricontent:"/internal/internal_loader.v2.php?"; uricontent:"prodID=nl&licID="; uricontent:"&prodVer="; content:"|0d 0a|Host|3A| www.newsleecher.com"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Newzbin; sid:2009095; rev:2;)

Added 2009-02-23 21:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; uricontent:"/internal/internal_loader.v2.php?"; uricontent:"prodID=nl&licID="; uricontent:"&prodVer="; content:"|0d 0a|Host|3A| www.newsleecher.com"; classtype:policy-violation; reference:url,doc.emergingthreats.net/2009095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Newzbin; sid:2009095; rev:2;)

Added 2009-02-23 21:00:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Newzbin Usenet Reader License Check"; flow:established,to_server; uricontent:"/internal/internal_loader.v2.php?"; uricontent:"prodID=nl&licID="; uricontent:"&prodVer="; content:"|0d 0a|Host|3A| www.newsleecher.com"; classtype:policy-violation; sid:2009095; rev:1;)

Added 2009-02-23 18:30:24 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats