alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; content:"/tasksz.php?"; fast_pattern:only; http_uri; content:"User-Agent|3a| Google Bot|0d 0a|"; http_header; pcre:"/\/tasksz\.php\?(?:dc|load)/U"; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; classtype:trojan-activity; sid:2010288; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:03:24 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; content:"/tasksz.php?"; fast_pattern:only; http_uri; content:"User-Agent|3a| Google Bot|0d 0a|"; http_header; pcre:"/\/tasksz\.php\?(?:dc|load)/U"; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; classtype:trojan-activity; sid:2010288; rev:4;)

Added 2014-06-12 17:07:17 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; content:"/tasksz.php?load="; nocase; http_uri; content:"&id="; nocase; http_uri; pcre:"/tasksz\.php\?load=[0-9a-f]{32}&id=\d+$/U"; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; classtype:trojan-activity; sid:2010288; rev:3;)

Added 2011-10-12 19:29:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; content:"/tasksz.php?load="; nocase; http_uri; content:"&id="; nocase; http_uri; pcre:"/tasksz\.php\?load=[0-9a-f]{32}&id=\d+$/U"; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; sid:2010288; rev:3;)

Added 2011-09-14 22:42:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; content:"/tasksz.php?load="; nocase; http_uri; content:"&id="; nocase; http_uri; pcre:"/tasksz\.php\?load=[0-9a-f]{32}&id=\d+$/U"; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Scar; sid:2010288; rev:3;)

Added 2011-02-04 17:29:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; uricontent:"/tasksz.php?load="; nocase; uricontent:"&id="; nocase; pcre:"/tasksz\.php\?load=[0-9a-f]{32}&id=\d+$/U"; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Scar; sid:2010288; rev:2;)

Added 2009-11-18 21:00:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; uricontent:"/tasksz.php?load="; nocase; uricontent:"&id="; nocase; pcre:"/tasksz\.php\?load=[0-9a-f]{32}&id=\d+$/U"; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; reference:url,doc.emergingthreats.net/2010288; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Scar; sid:2010288; rev:2;)

Added 2009-11-18 21:00:42 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/Scar Downloader Request"; flow:established,to_server; uricontent:"/tasksz.php?load="; nocase; uricontent:"&id="; nocase; pcre:"/tasksz\.php\?load=[0-9a-f]{32}&id=\d+$/U"; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml; sid:2010288; rev:1;)

Added 2009-11-10 14:45:40 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats