# sid 2012620, rev 9: outbound HTTP check-in attributed to a FakeAV family.
# Fires on an established client-to-server flow from $HOME_NET to $EXTERNAL_NET when all three match:
#   - request method is GET (http_method, nocase)
#   - URI contains "/index.php?0d40b0=" (written hex-escaped; http_uri; selected as fast_pattern)
#   - request headers contain "User-Agent: Mozilla/3.0" (http_header)
# Declared with the "http" protocol keyword and destination port "any", so the match is
# not limited to $HTTP_PORTS.
# The User-Agent content is a substring match, so longer agent strings that begin with
# "Mozilla/3.0" also satisfy it. The URI token is the discriminating condition.
# The rule carries no reference: or metadata: options, so the sample or report it was built
# from cannot be identified from the rule text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FakeAV?.chhq Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"|2f|index|2e|php|3f 30 64 34 30 62 30 3d|"; http_uri; fast_pattern; content:"User-Agent|3A| Mozilla|2f|3|2e|0"; http_header; classtype:trojan-activity; sid:2012620; rev:9;)

Added 2014-06-19 18:11:42 UTC


# sid 2012620, rev 8: same three content matches as rev 9 (GET with nocase, URI
# "/index.php?0d40b0=" as fast_pattern, header "User-Agent: Mozilla/3.0").
# Declared as tcp with destination $HTTP_PORTS, so this revision only inspects traffic to
# the ports listed in that variable.
# The msg is still the generic "Unknown Fake antivirus check-in"; the family name appears only in rev 9.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Fake antivirus check-in"; flow:established,to_server; content:"GET"; nocase; http_method; content:"|2f|index|2e|php|3f 30 64 34 30 62 30 3d|"; http_uri; fast_pattern; content:"User-Agent|3A| Mozilla|2f|3|2e|0"; http_header; classtype:trojan-activity; sid:2012620; rev:8;)

Added 2012-03-19 23:39:12 UTC


# sid 2012620, rev 7: tcp to $HTTP_PORTS on an established client-to-server flow.
# The method content "GET" has no nocase here, so it is matched case-sensitively.
# The URI content "/index.php?0d40b0=" (http_uri) is marked fast_pattern, making the
# family-specific token the prefilter pattern rather than the generic method or User-Agent strings.
# The header match is "User-Agent: Mozilla/3.0" (http_header), as a substring.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Fake antivirus check-in"; flow:established,to_server; content:"GET"; http_method; content:"|2f|index|2e|php|3f 30 64 34 30 62 30 3d|"; http_uri; fast_pattern; content:"User-Agent|3A| Mozilla|2f|3|2e|0"; http_header; classtype:trojan-activity; sid:2012620; rev:7;)

Added 2011-12-19 18:45:38 UTC


# sid 2012620, rev 6 (entry dated 2011-10-12): tcp to $HTTP_PORTS on an established
# client-to-server flow.
# Matches GET (http_method, case-sensitive), URI containing "/index.php?0d40b0=" (http_uri)
# and header "User-Agent: Mozilla/3.0" (http_header).
# No content is marked fast_pattern, so the choice of prefilter pattern is left to the engine.
# NOTE(review): the rule text and rev number are identical to the 2011-04-02 entry further
# down this page; only the "Added" timestamp differs.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Fake antivirus check-in"; flow:established,to_server; content:"GET"; http_method; content:"|2f|index|2e|php|3f 30 64 34 30 62 30 3d|"; http_uri; content:"User-Agent|3A| Mozilla|2f|3|2e|0"; http_header; classtype:trojan-activity; sid:2012620; rev:6;)

Added 2011-10-12 19:34:48 UTC


# sid 2012620, rev 6 (entry dated 2011-04-02): first revision on this page that checks the
# request path in the URI buffer (http_uri), with the whole pattern "/index.php?0d40b0="
# written as hex-escaped bytes.
# The other conditions are GET (http_method) and header "User-Agent: Mozilla/3.0"
# (http_header), on an established client-to-server tcp flow to $HTTP_PORTS.
# No fast_pattern is set.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Fake antivirus check-in"; flow:established,to_server; content:"GET"; http_method; content:"|2f|index|2e|php|3f 30 64 34 30 62 30 3d|"; http_uri; content:"User-Agent|3A| Mozilla|2f|3|2e|0"; http_header; classtype:trojan-activity; sid:2012620; rev:6;)

Added 2011-04-02 15:59:21 UTC


# sid 2012620, rev 2: earliest revision listed on this page.
# The path pattern mixes hex escapes with the literal text "0d40b0"; it decodes to the same
# bytes as later revisions ("/index.php?0d40b0=").
# NOTE(review): that path content carries http_header, not http_uri, so it is evaluated
# against the request headers rather than the request URI. Later revisions on this page
# switch it to http_uri, which suggests this revision did not match the request path as
# intended. Confirm against a capture before relying on alert history from this revision.
# The User-Agent match ("User-Agent: Mozilla/3.0", http_header) is the same as in later revisions.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Fake antivirus check-in"; flow:established,to_server; content:"GET"; http_method; content:"|2f|index|2e|php|3f|0d40b0|3d|"; http_header; content:"User-Agent|3A| Mozilla|2f|3|2e|0"; http_header; classtype:trojan-activity; sid:2012620; rev:2;)

Added 2011-03-31 20:32:19 UTC

