alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING String(evafeds.substr JavaScript? detected"; flow:established,to_client; content:"Server|3a| nginx|0d 0a|"; content:"Server|3a| nginx"; content:"=new String(|27|"; content:".substr("; content:".substr("; content:"=new String(|27|unescape|27|)"; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2011313; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malvertising; sid:2011313; rev:3;)

Added 2010-08-17 12:27:13 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING String(evafeds.substr JavaScript? detected"; flow:established,to_client; content:"Server|3a| nginx|0d 0a|"; content:"Server|3a| nginx"; content:"=new String(|27|"; content:".substr("; content:".substr("; content:"=new String(|27|unescape|27|)"; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2011313; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malvertising; sid:2011313; rev:3;)

Added 2010-08-17 12:27:13 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING String(evafeds.substr JavaScript? detected"; flow:established,to_client; content:"Server|3a| nginx|0d 0a|"; content:"=new String(|27|evafeds|27|.substr(0,3)+|27|bruller|27|.substr(3,1))|3b|"; depth:80; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2011313; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malvertising; sid:2011313; rev:2;)

Added 2010-08-10 14:38:51 UTC


Topic revision: r1 - 2010-08-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats