EmergingThreats> Main Web>2003448 (2007-04-13, MattJonkman) EditAttach

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Humanclick.com Client Update"; flow: to_server,established; uricontent:"/hc/"; nocase; content:"?site="; nocase; content:"cmd="; nocase; content:"&scriptVersion"; nocase; content:"&page="; nocase; classtype: policy-violation; sid: 2003448; rev:1;)

Added 2007-04-13 15:00:23 UTC

Getting too many reports of false positives. Most are just ads being referenced, not a spyware infection.

-- MattJonkman - 13 Apr 2007

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Humanclick.com Client Update"; flow: to_server,established; uricontent:"/hc/"; nocase; content:"?site="; nocase; content:"cmd="; nocase; content:"&scriptVersion"; nocase; content:"&page="; nocase; classtype: policy-violation; sid: 2003448; rev:1;)

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2007-04-13 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats