# sid:2012802 rev:5, as published 2017-08-07 (see the "Added" line that follows).
# Alerts on client-to-server traffic of an established flow from $HOME_NET to
# $EXTERNAL_NET when the HTTP header buffer contains this exact User-Agent line,
# including the trailing CRLF (|0d 0a|).
# The rule header is "http" with "any" ports; the older revisions on this page use
# "tcp" limited to $HTTP_PORTS.
# fast_pattern:20,20 gives the prefilter a 20-byte slice of the content starting at offset 20.
# Triage: this is one static string match. A request with any other User-Agent will not
# match, and a hit only shows that a host sent this header, so correlate it with the
# destination and host telemetry before treating it as a confirmed infection.
# NOTE(review): genuine IE 8 normally identifies as "Mozilla/4.0 (compatible; MSIE 8.0; ...)",
# which is presumably why this Mozilla/5.0 form is labelled spoofed. Confirm against the references.
# NOTE(review): updated_at equals created_at (2011_05_10) although this is rev:5, so the
# metadata dates are not a reliable record of when the rule last changed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Spoofed MSIE 8 User-Agent Likely Ponmocup"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0 (Windows|3b| U|3b| MSIE 8.0|3b| Windows NT 6.0|3b| en-US)|0d 0a|"; http_header; fast_pattern:20,20; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012802; rev:5; metadata:created_at 2011_05_10, updated_at 2011_05_10;)

Added 2017-08-07 21:05:59 UTC


# sid:2012802 rev:5, as published 2014-08-28.
# Same header, content match and fast_pattern as the 2017-08-07 text on this page; the only
# difference is that this one has no metadata keyword.
# Both texts carry rev:5, so sid plus rev does not tell them apart when comparing rule sets.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Spoofed MSIE 8 User-Agent Likely Ponmocup"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0 (Windows|3b| U|3b| MSIE 8.0|3b| Windows NT 6.0|3b| en-US)|0d 0a|"; http_header; fast_pattern:20,20; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012802; rev:5;)

Added 2014-08-28 18:33:52 UTC


# sid:2012802 rev:3, as published 2011-12-15.
# The header is "tcp" with destination $HTTP_PORTS, so this revision only inspects
# connections to ports listed in that variable. HTTP on any other port is outside its scope.
# The msg category is "ET MALWARE" here ("ET USER_AGENTS" in rev:2, "ET TROJAN" in rev:5).
# Compared with the rev:2 texts on this page, this revision adds fast_pattern:20,20.
# The User-Agent content string itself is unchanged across every revision listed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Spoofed MSIE 8 User-Agent Likely Ponmocup"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0 (Windows|3b| U|3b| MSIE 8.0|3b| Windows NT 6.0|3b| en-US)|0d 0a|"; http_header; fast_pattern:20,20; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012802; rev:3;)

Added 2011-12-15 18:09:48 UTC


# sid:2012802 rev:2, as published 2011-10-12.
# tcp/$HTTP_PORTS header, exact User-Agent line matched in the HTTP header buffer, no fast_pattern.
# Differs from the 2011-07-12 text only in where classtype sits (after the references
# here, before them there). The rev number was not incremented for that reordering.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Spoofed MSIE 8 User-Agent Likely Ponmocup"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0 (Windows|3b| U|3b| MSIE 8.0|3b| Windows NT 6.0|3b| en-US)|0d 0a|"; http_header; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012802; rev:2;)

Added 2011-10-12 19:35:15 UTC


# sid:2012802 rev:2, as published 2011-07-12.
# Text is identical to the 2011-07-11 entry on this page.
# tcp/$HTTP_PORTS header, exact User-Agent line matched in the HTTP header buffer, no fast_pattern.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Spoofed MSIE 8 User-Agent Likely Ponmocup"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0 (Windows|3b| U|3b| MSIE 8.0|3b| Windows NT 6.0|3b| en-US)|0d 0a|"; http_header; classtype:trojan-activity; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; sid:2012802; rev:2;)

Added 2011-07-12 12:24:45 UTC


# sid:2012802 rev:2, as published 2011-07-11. This is the earliest text listed on this page.
# Alerts on client-to-server traffic of an established flow from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS when the HTTP header buffer contains this exact
# User-Agent line, including the trailing CRLF.
# There is no fast_pattern in this revision and the msg category is "ET USER_AGENTS".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Spoofed MSIE 8 User-Agent Likely Ponmocup"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0 (Windows|3b| U|3b| MSIE 8.0|3b| Windows NT 6.0|3b| en-US)|0d 0a|"; http_header; classtype:trojan-activity; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; sid:2012802; rev:2;)

Added 2011-07-11 15:32:46 UTC

