# sid 2014105, rev 4: alerts on an outbound HTTP GET for /webhp whose header block has the
# fixed layout that the msg attributes to a Zeus connectivity check against Google.
# Match logic, in rule order:
#   - alert http, $HOME_NET -> $EXTERNAL_NET, any port; flow:established,to_server limits
#     the rule to client requests on an established session.
#   - "GET" in http_method (nocase) and "/webhp" anywhere in http_uri.
#   - "Accept: */*\r\nPragma: no-cache\r\nUser-Agent: " in http_header with depth:43. The
#     pattern is exactly 43 bytes, so it must sit at the very start of the header buffer:
#     these three headers, in this order, come first.
#   - "\r\nHost: " after that match (distance:0), so Host follows User-Agent.
#   - "Referer: " must be absent.
# NOTE(review): the negated Referer content carries no http_header modifier in this revision,
# so it appears to be evaluated against the raw payload rather than the header buffer.
# Confirm that this is intended.
# Triage: the rule keys on header order and a missing Referer, not on a value unique to one
# malware family. Any client that sends the same layout when fetching /webhp will alert, so
# corroborate a hit with other host or network evidence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/webhp"; http_uri; content:"Accept|3a| */*|0d 0a|Pragma|3a| no-cache|0d 0a|User-Agent|3a| "; depth:43; http_header; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"Referer|3a| "; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2014105; rev:4; metadata:created_at 2012_01_09, updated_at 2012_01_09;)

Added 2017-08-07 21:07:26 UTC


# sid 2014105, rev 5: alerts on an outbound GET for /webhp with a fixed leading header
# layout and no Referer. Written as alert tcp with the destination limited to $HTTP_PORTS.
# Match logic, in rule order:
#   - flow:established,to_server: client requests on an established session.
#   - "GET" in http_method (nocase).
#   - "/webhp" in http_uri, marked fast_pattern:only, so this string is the one handed to
#     the fast pattern matcher for the rule.
#   - "Accept: */*\r\nPragma: no-cache\r\nUser-Agent: " in http_header with depth:43. The
#     pattern is exactly 43 bytes, so it must be the first thing in the header buffer.
#   - "\r\nHost: " in http_header after that match (distance:0).
#   - No "Referer: " in http_header. Here the negated match is bound to the header buffer.
# Coverage: only destination ports in $HTTP_PORTS are inspected, so the same request sent to
# a port outside that variable does not reach this rule.
# Triage: the signal is header order plus a missing Referer. Treat a hit as a lead to
# corroborate, not as proof of infection.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/webhp"; http_uri; fast_pattern:only; content:"Accept|3a| */*|0d 0a|Pragma|3a| no-cache|0d 0a|User-Agent|3a| "; depth:43; http_header; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"Referer|3a| "; http_header; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2014105; rev:5;)

Added 2012-07-24 23:15:44 UTC


# sid 2014105, rev 2: alerts on an outbound GET whose URI starts with /webhp, followed by a
# fixed header layout near the start of the payload, with no Referer header.
# Match logic, in rule order:
#   - alert tcp, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS; flow:established,to_server.
#   - "GET" in http_method (nocase).
#   - "/webhp" in http_uri with depth:6. The pattern is 6 bytes, so the URI buffer must
#     begin with it.
#   - "\r\nAccept: */*\r\nPragma: no-cache\r\nUser-Agent: " with depth:65 and no buffer
#     modifier, so it is matched in the raw payload. The pattern is 45 bytes and must end
#     within the first 65 bytes, leaving at most 20 bytes for the request line before it.
#   - "\r\nHost: " after that match (distance:0), also in the raw payload.
#   - No "Referer: " in http_header.
# Coverage: the 20-byte allowance fits a request line such as "GET /webhp HTTP/1.1"
# (19 bytes). A longer request line pushes the header pattern past depth:65, and this
# revision then does not alert.
# NOTE(review): raw-payload and http_header matches are mixed in one rule, so the result
# depends on how the engine relates the two views of the request. Verify against a sample.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/webhp"; http_uri; depth:6; content:"|0d 0a|Accept|3a| */*|0d 0a|Pragma|3a| no-cache|0d 0a|User-Agent|3a| "; depth:65; content:"|0d 0a|Host|3a| "; distance:0; content:!"Referer|3a| "; http_header; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2014105; rev:2;)

Added 2012-03-14 18:18:47 UTC


# sid 2014105, rev 1: the earliest revision on this page. It matches mostly on the raw
# request bytes rather than on normalized HTTP buffers.
# Match logic, in rule order:
#   - alert tcp, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS; flow:established,to_server.
#   - "GET" in http_method (no nocase, so the match is case-sensitive).
#   - "/webhp HTTP/1." in the raw payload: /webhp is immediately followed by the protocol
#     version, so nothing (for example a query string) comes after it on the request line.
#   - "\r\nAccept: */*\r\nPragma: no-cache\r\nUser-Agent: " with distance:1; within:45,
#     relative to the previous match. One byte is skipped (the HTTP minor-version digit)
#     and the 45-byte pattern must fit in the next 45 bytes, so these headers must follow
#     the request line directly.
#   - "\r\nHost: " after that match (distance:0).
#   - No "\r\nReferer: " (nocase). This content has no relative modifier, so it is not
#     anchored to the preceding matches.
#   - "/webhp" in http_uri.
# Triage: the signal is an exact request-line and header layout plus a missing Referer.
# Corroborate a hit with other evidence before treating it as confirmed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy"; flow:established,to_server; content:"GET"; http_method; content:"/webhp HTTP/1."; content:"|0d 0a|Accept|3a| */*|0d 0a|Pragma|3a| no-cache|0d 0a|User-Agent|3a| "; distance:1; within:45; content:"|0d 0a|Host|3a| "; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"/webhp"; http_uri; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2014105; rev:1;)

Added 2012-01-09 22:46:51 UTC

