#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Possible Fast Flux Trojan Rogue Antivirus"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/SecurIns_194.exe"; http_uri; nocase; reference:url,www.malwareurl.com/listing.php?domain=microantivirus5.com; classtype:bad-unknown; sid:2012332; rev:3;)

Added 2014-08-28 18:33:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Fast Flux Trojan Rogue Antivirus"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/SecurIns_194.exe"; http_uri; nocase; reference:url,www.malwareurl.com/listing.php?domain=microantivirus5.com; classtype:bad-unknown; sid:2012332; rev:1;)

Added 2011-10-12 19:34:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Fast Flux Trojan Rogue Antivirus"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/SecurIns_194.exe"; http_uri; nocase; classtype:bad-unknown; reference:url,www.malwareurl.com/listing.php?domain=microantivirus5.com; sid:2012332; rev:1;)

Added 2011-02-22 16:49:53 UTC


Topic revision: r1 - 2014-08-28 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats