# sid 2012753, rev 3. Alerts on an established HTTP response (to_client) into $HOME_NET
# whose header buffer contains filename=" (|22| is the double quote) followed by "antiv"
# within the next 50 bytes; both content matches are case-insensitive.
# The pcre (H = HTTP header buffer, i = case-insensitive) then requires filename=",
# "antiv" before any CR/LF, at least one further character, and ".exe" before the next LF.
# NOTE(review): the match is on the attachment name only; the response body is not
# inspected. A legitimate antivirus installer served with such a filename will alert as
# well, so confirm the serving host and the file itself before treating a hit as FakeAV.
# NOTE(review): ".exe" is not anchored to the closing quote, so a name that merely
# contains ".exe" somewhere after "antiv" also satisfies the pcre.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*antiv[^\n]+\.exe/Hi"; classtype:trojan-activity; sid:2012753; rev:3;)

Added 2011-10-12 19:35:08 UTC


# sid 2012753, rev 3 (earliest rev:3 entry on this page). HTTP response header must carry
# filename=" with "antiv" within 50 bytes; the pcre additionally requires ".exe" later on
# the same header line. Filename-only match: the response body is not inspected.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*antiv[^\n]+\.exe/Hi"; classtype:trojan-activity; sid:2012753; rev:3;)

Added 2011-06-08 23:52:19 UTC


# sid 2012753, rev 2. Same content matches as the other revisions (filename=" then "antiv"
# within 50 bytes, HTTP header buffer, case-insensitive). The pcre ends at "antiv" and has
# no extension check, so in effect it only adds that filename=" and "antiv" share one
# header line.
# NOTE(review): with no ".exe" requirement, any attachment name containing "antiv" alerts
# regardless of file type; expect more false positives than rev 3.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*antiv/Hi"; classtype:trojan-activity; sid:2012753; rev:2;)

Added 2011-05-02 21:04:32 UTC


# sid 2012753, rev 1. Content matches: filename=" then "antiv" within 50 bytes, both in the
# HTTP header buffer and case-insensitive. The pcre requires only "anti" after filename="
# on the same header line, which is looser than the "antiv" content match it accompanies.
# NOTE(review): no extension check; any attachment name containing "antiv" alerts.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*anti/Hi"; classtype:trojan-activity; sid:2012753; rev:1;)

Added 2011-05-02 14:42:52 UTC


# sid 2012753, rev 1. Header must carry filename=" with "antiv" within 50 bytes; the pcre
# only requires "anti" on the same header line and checks no file extension.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*anti/Hi"; classtype:trojan-activity; sid:2012753; rev:1;)

Added 2011-05-02 14:23:37 UTC


# sid 2012753, rev 1. Header must carry filename=" with "antiv" within 50 bytes; the pcre
# only requires "anti" on the same header line and checks no file extension.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*anti/Hi"; classtype:trojan-activity; sid:2012753; rev:1;)

Added 2011-05-02 14:04:15 UTC


# sid 2012753, rev 1. Header must carry filename=" with "antiv" within 50 bytes; the pcre
# only requires "anti" on the same header line and checks no file extension.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*anti/Hi"; classtype:trojan-activity; sid:2012753; rev:1;)

Added 2011-05-01 20:54:02 UTC


# sid 2012753, rev 1 (oldest entry on this page). Header must carry filename=" with "antiv"
# within 50 bytes; the pcre only requires "anti" on the same header line and checks no
# file extension.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV? Binary Download"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"antiv"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*anti/Hi"; classtype:trojan-activity; sid:2012753; rev:1;)

Added 2011-04-29 17:39:44 UTC

