# sid 2006424, rev 3. Listed commented out (leading '#'), so it would not load as written.
# Scope: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# The content match opens with |0d 0a|, so "User-Agent:" must directly follow a CRLF,
# i.e. begin a header line; the rev 2 text further down has no such anchor.
# NOTE(review): displayed wrapped over three lines with no '\' continuation; a Snort rules
# file needs the rule on one line, and only the first displayed line carries the '#'.
# NOTE(review): the '?' after WebUpdate (in msg and content) looks like a wiki link marker,
# as on the "ShirkDog?" signature line, not part of the User-Agent string - confirm against
# the distributed rule before reuse.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"|0d 0a|User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:3;)
Added 2008-03-06 02:24:21 UTC
# sid 2006424, rev 3. Same rule text and "Added" timestamp as the entry listed before it.
# Commented out by the leading '#'. The content option has no nocase modifier, so the
# match is case-sensitive: a differently cased header name or value will not alert.
# Coverage is limited to destinations in $HTTP_PORTS; HTTP on other ports is not inspected
# by this rule. Keep both limits in mind when judging what a lack of alerts means.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"|0d 0a|User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:3;)
Added 2008-03-06 02:24:21 UTC
# sid 2006424, rev 2. Commented out (leading '#'); msg uses the "ET MALWARE" prefix.
# content starts at "User-Agent\:" with no leading |0d 0a|, so the string can also match
# where it is the tail of a longer header name or appears inside a request body. That is
# a false-positive source which the rev 3 text on this page closes with a CRLF anchor.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:2;)
Added 2008-01-28 17:24:21 UTC
# sid 2006424, rev 2. Same rule text and "Added" timestamp as the entry listed before it.
# flow:established,to_server limits matching to client-to-server data on an established
# session; classtype is trojan-activity.
# NOTE(review): the line break between "User-Agent\:" and "WebUpdate" presumably stands
# for a single space in the original one-line rule - confirm before reuse, since the
# content match is byte-exact.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:2;)
Added 2008-01-28 17:24:21 UTC
# sid 2006424, rev 1. Commented out (leading '#'). msg still carries the
# "BLEEDING-EDGE MALWARE" prefix that the rev 2 and rev 3 entries replace with "ET MALWARE".
# The detection options (flow, content, classtype) are the same as in the rev 2 text.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)
Added 2007-08-10 01:09:21 UTC
From the sandnet analysis
--
ShirkDog? - 20 Aug 2007
# sid 2006424, rev 1. Active form: no leading '#'.
# The User-Agent content match is the only detection condition; there is no URI, host or
# second content option. An alert therefore identifies a client string on an outbound
# HTTP-port session, not a specific destination, and needs the session's host and URI
# for triage.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)
Added 2007-08-02 02:01:22 UTC
# sid 2006424, rev 1. Earliest entry on this page (Added 2007-07-25). Active: no leading '#'.
# Differs from the later rev 1 text only by the space in `msg: "`; the rev number was not
# bumped for that change.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (
WebUpdate?)"; flow:established,to_server; content:"User-Agent\:
WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)
Added 2007-07-25 00:01:54 UTC