#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED MALVERTISING redirect to exploit kit (unoeuro server)"; flow:established,to_client; content:"=|5b 22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F|5c|"; content:"|0d 0a|Serverxi|3a| Apache/Unoeuro (Unix) - Secured|0d 0a|"; classtype:bad-unknown; sid:2011479; rev:4;)

Added 2014-09-12 16:28:27 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server)"; flow:established,to_client; content:"=|5b 22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F|5c|"; content:"|0d 0a|Serverxi|3a| Apache/Unoeuro (Unix) - Secured|0d 0a|"; classtype:bad-unknown; sid:2011479; rev:2;)

Added 2011-10-12 19:32:05 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server)"; flow:established,to_client; content:"=|5b 22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F|5c|"; content:"|0d 0a|Serverxi|3a| Apache/Unoeuro (Unix) - Secured|0d 0a|"; classtype:bad-unknown; sid:2011479; rev:2;)

Added 2011-02-04 17:31:17 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server)"; flow:established,to_client; content:"=|5b 22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F"; content:"|0d 0a|Serverxi|3a| Apache/Unoeuro (Unix) - Secured|0d 0a|"; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2011479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malvertising; sid:2011479; rev:3;)

Added 2010-09-22 12:29:44 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server)"; flow:established,to_client; content:"=|5b 22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F"; content:"|0d 0a|Serverxi|3a| Apache/Unoeuro (Unix) - Secured|0d 0a|"; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2011479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malvertising; sid:2011479; rev:3;)

Added 2010-09-22 12:29:44 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server)"; flow:established,to_client; content:"=|5b 22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F"; content:"|0d 0a|Serverxi|3a|: Apache/Unoeuro (Unix) - Secured|0d 0a|"; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2011479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malvertising; sid:2011479; rev:2;)

Added 2010-09-13 23:44:03 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats