alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; flow:established,from_server; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; classtype:trojan-activity; sid:2011680; rev:4;)

Added 2011-10-12 19:32:23 UTC

The link above does not work anymore. The article can be found at http://labs.m86security.com/2010/06/skype-extras-manager-vulnerability-found-in-the-wild/

quid of adding a date in the msgs of ET CURRENT_EVENTS sigs, as for instance for this one I doubt it is still very "current"

-- StephaneChazelas - 19 Sep 2012

Thanks Stephane. Will drop the sig.

We are looking to add a created and last updated date in meta in sigs in the not too distant future. Ought to be useful we think!

-- MattJonkman - 19 Sep 2012


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; flow:established,from_server; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; classtype:trojan-activity; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; sid:2011680; rev:4;)

Added 2011-09-14 22:45:12 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; flow:established,from_server; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; classtype:trojan-activity; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Skype; sid:2011680; rev:4;)

Added 2011-02-04 17:31:26 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; flow:established,from_server; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Skype; classtype:trojan-activity; sid:2011680; rev:4;)

Added 2010-06-29 20:40:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; flow:established,from_server; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Skype; classtype:trojan-activity; sid:2011680; rev:4;)

Added 2010-06-29 20:40:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Skype; sid:2011680; rev:2;)

Added 2010-06-18 13:31:11 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; reference:url,doc.emergingthreats.net/2011680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Skype; sid:2011680; rev:2;)

Added 2010-06-18 13:31:11 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Skype Easybits Extras Manager - Exploit"; content:"gygte"; nocase; content:"gygte"; nocase; distance:0; reference:url,www.m86security.com/labs/traceitem.asp?article=1347; sid:2011680; rev:1;)

Added 2010-06-18 13:16:13 UTC


Topic revision: r3 - 2012-09-19 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats