# Purpose: flag an internal host requesting a URI that contains "/hitin.php?",
# a script name the rule's msg associates with fake/rogue AV landing pages.
#
# Header: TCP from $HOME_NET (any source port) to $EXTERNAL_NET on $HTTP_PORTS,
#   so only outbound client traffic to the configured HTTP ports is inspected.
# flow:established,to_server - evaluate only client-to-server data on an
#   established session.
# uricontent:"/hitin.php?"; nocase - case-insensitive match of the script name
#   plus the "?" that starts a query string, against the request URI.
#
# NOTE(review): the only discriminator is the path fragment. There is no
#   constraint on Host, HTTP method or query parameters, so any unrelated site
#   that serves a script called hitin.php with a query string will also fire.
#   The msg says "Possible"; treat a hit as a lead and confirm it against the
#   destination host and the rest of the session before escalating.
# NOTE(review): uricontent is the legacy Snort 2.x keyword. When porting to a
#   newer engine the equivalent is a content match in the HTTP URI buffer.
#   Confirm the exact syntax against the target engine's documentation.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Fake/Rogue AV Landing Page Encountered (hitin.php)"; flow:established,to_server; uricontent:"/hitin.php?"; nocase; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Scareware; reference:url,malwareurl.com/search.php?domain=&s=hitin.php&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; reference:url,doc.emergingthreats.net/2010552; sid:2010552; rev:2;)

Added 2009-12-22 20:30:43 UTC


# sid 2010552, rev 2, classtype trojan-activity.
# Alerts when a host in $HOME_NET sends a request to $EXTERNAL_NET on
# $HTTP_PORTS whose URI contains "/hitin.php?" in any letter case.
#
# Option notes:
#   flow:established,to_server - limits inspection to client-to-server data on
#     an established TCP session.
#   uricontent + nocase - case-insensitive substring test on the request URI.
#     nocase modifies the uricontent immediately before it, so the two must
#     stay adjacent.
#
# NOTE(review): the signature keys on a single script name and nothing else, so
#   false positives are expected for legitimate sites that happen to use the
#   same filename. The alert shows that a client requested such a URL, not that
#   anything was downloaded or executed. Correlate it with proxy or endpoint
#   logs for the same host and time window.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Fake/Rogue AV Landing Page Encountered (hitin.php)"; flow:established,to_server; uricontent:"/hitin.php?"; nocase; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Scareware; reference:url,malwareurl.com/search.php?domain=&s=hitin.php&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; reference:url,doc.emergingthreats.net/2010552; sid:2010552; rev:2;)

Added 2009-12-22 20:29:15 UTC


Topic revision: r1 - 2009-12-23 - TWikiGuest
 