EmergingThreats> Main Web>2001564 (revision 3)EditAttach

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)

Added 2009-02-08 17:45:22 UTC

For more information on MarketScore?.com spyware;

http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-5317-99&tabid=3

-- PaulEdwards - 29 Apr 2009

I'm seeing what appear to be false +ves from securestudies.com -- same proxy software but legit use ? McAfee? site advisor thinks it is OK

-- RussellFulton - 17 May 2010


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)

Added 2009-02-08 17:45:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)

Added 2009-02-08 17:42:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)

Added 2009-02-08 17:42:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; sid: 2001564; rev:5;)

Added 2008-01-28 17:24:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; sid: 2001564; rev:5;)

Added 2008-01-28 17:24:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware MarketScore?.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; sid: 2001564; rev:4; )



Edit | Attach | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r3 - 2010-05-17 - RussellFulton
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats