# sid:20110071 rev:2 -- alerts on an outbound HTTP GET (from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS)
# whose URI contains /automation/n09230945.asp and which carries the exact User-Agent line below.
#
# How the options combine:
#   flow:established,to_server      only client-to-server data on an established TCP session.
#   content:"GET "; nocase; depth:4 the method must sit in the first four payload bytes (any case).
#   uricontent:"/automation/..."    matched against the URI buffer; no nocase, so it is case-sensitive.
#   content:"|0d 0a|User-Agent..."  exact, case-sensitive header line. It starts with CRLF and ends with
#                                   CRLF CRLF, so it matches only when User-Agent is the LAST header of
#                                   the request. The same string followed by another header will not alert.
#
# Coverage caveats for whoever deploys or triages this rule:
#   - Both indicators are single fixed strings (one path, one User-Agent), so the rule presumably covers
#     only the specific sample described in the reference -- TODO confirm against the CA write-up.
#   - Only ports listed in $HTTP_PORTS are inspected; the same request on another port is not seen.
#   - The User-Agent claims Firefox on Ubuntu Linux while the reference URL names win32-fruspam; a Windows
#     host presenting this string looks like a hard-coded value and is a useful triage cross-check
#     (NOTE(review): inferred from the reference URL only).
#   - The alerting source address is the internal host the msg text calls "likely infected".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/automation/n09230945.asp"; content:"|0d 0a|User-Agent\: Mozilla/5.0 (X11\; U\; Linux i686\; en-US\; rv\:1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a 0d 0a|"; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/20110071; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fruspam; sid:20110071; rev:2;)

Added 2010-04-26 20:15:58 UTC


# sid:20110071 rev:2 -- second listing of rev 2 on this page; its text and "Added" timestamp are the same
# as the entry that precedes it, so it is a duplicate history record and not a separate rule.
# Matches an established client-to-server HTTP GET to $EXTERNAL_NET:$HTTP_PORTS whose URI contains
# /automation/n09230945.asp and whose final request header is the exact User-Agent line given here
# (the content ends in CRLF CRLF, so any header after User-Agent prevents a match).
# Load only one copy of a given sid/rev into a ruleset.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/automation/n09230945.asp"; content:"|0d 0a|User-Agent\: Mozilla/5.0 (X11\; U\; Linux i686\; en-US\; rv\:1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a 0d 0a|"; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/20110071; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fruspam; sid:20110071; rev:2;)

Added 2010-04-26 20:15:58 UTC


# sid:20110071 rev:1 -- original revision. Its header and detection options (flow, "GET " at depth 4,
# uricontent, User-Agent content) are the same as in the rev:2 text listed earlier on this page. Rev 1
# carries only the CA reference, and rev 2 adds the two emergingthreats.net references, so the revision
# bump is a metadata change and not a change in what traffic alerts.
# Matches an established client-to-server HTTP GET to $EXTERNAL_NET:$HTTP_PORTS whose URI contains
# /automation/n09230945.asp and whose last request header is this exact, case-sensitive User-Agent line.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/automation/n09230945.asp"; content:"|0d 0a|User-Agent\: Mozilla/5.0 (X11\; U\; Linux i686\; en-US\; rv\:1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a 0d 0a|"; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; sid:20110071; rev:1;)

Added 2010-04-26 10:34:58 UTC


Topic revision: r1 - 2010-04-27 - TWikiGuest
 