2006424 < Main < EmergingThreats

EmergingThreats>

Main Web>2006424 (2007-08-20, ShirkDog?)

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"|0d 0a|User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:3;)

Added 2008-03-06 02:24:21 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"|0d 0a|User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:3;)

Added 2008-03-06 02:24:21 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:2;)

Added 2008-01-28 17:24:21 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:2;)

Added 2008-01-28 17:24:21 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)

Added 2007-08-10 01:09:21 UTC

From the sandnet analysis

-- ShirkDog? - 20 Aug 2007

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)

Added 2007-08-02 02:01:22 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)

Added 2007-07-25 00:01:54 UTC

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r2 - 2007-08-20 - ShirkDog?

Main

Log In

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats