# sid:2009525 rev:8 -- newest revision listed on this page. Every entry here shares
# sid 2009525, so a ruleset should carry only one of them.
# Fires on an established client-to-server flow from $HOME_NET to $EXTERNAL_NET when the
# request method is GET (http_method) and the User-Agent value is exactly the 34-byte
# string "Opera/8.81 (Windows NT 6.0; U; en)": depth:34 pins the match to the start of
# the http_user_agent buffer and isdataat:!1,relative requires that no byte follows it.
# "alert http ... any" does not restrict the destination port, unlike the earlier
# "alert tcp ... $HTTP_PORTS" revisions.
# msg category is "ET TROJAN" again; metadata records former_category USER_AGENTS.
# Triage note: both content matches are case-sensitive (no nocase) and the User-Agent is
# chosen by the client, so a hit is a lead to corroborate with host evidence, and the
# rule sees nothing inside TLS unless traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"Opera/8.81 (Windows NT 6.0|3b 20|U|3b 20|en)"; http_user_agent; depth:34; isdataat:!1,relative; metadata: former_category USER_AGENTS; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:8; metadata:created_at 2010_07_30, updated_at 2019_10_11;)
Added 2019-10-11 19:56:30 UTC
# sid:2009525 rev:7 -- changes the rule header from "alert tcp ... $HTTP_PORTS" (rev:6)
# to "alert http ... any"; the content options are the same as rev:6.
# Matches GET in http_method plus the whole header line
# "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)" followed by CRLF in http_header.
# The trailing |0d0a| keeps a longer User-Agent value from matching.
# NOTE(review): the pattern is not anchored to the start of a header line, so a header
# whose name merely ends in "User-Agent" would presumably match as well -- confirm
# against the engine's http_header buffer before relying on this revision.
# msg category is "ET USER_AGENTS"; metadata records former_category TROJAN.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:7; metadata:created_at 2010_07_30, updated_at 2019_09_26;)
Added 2019-09-26 19:56:27 UTC
# sid:2009525 rev:6 -- the rule text is identical to the other two rev:6 entries on this
# page; only the "Added" timestamps differ.
# Compared with rev:5 the detection options are unchanged: the msg category moved from
# "ET TROJAN" to "ET USER_AGENTS", former_category TROJAN was recorded in metadata, and
# updated_at became 2017_10_30.
# TCP rule scoped to $HTTP_PORTS, so coverage depends on how that variable is defined on
# the sensor.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:6; metadata:created_at 2010_07_30, updated_at 2017_10_30;)
Added 2018-09-13 19:40:41 UTC
Added 2018-09-13 17:54:19 UTC
# sid:2009525 rev:6 -- repeated listing of the rev:6 rule text under a later "Added"
# timestamp.
# Detection: established client-to-server flow from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS, GET in http_method, and the exact header line
# "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)" followed by CRLF in http_header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:6; metadata:created_at 2010_07_30, updated_at 2017_10_30;)
Added 2017-10-30 18:17:36 UTC
# sid:2009525 rev:6 -- same rule text as the other rev:6 entries on this page.
# Both content matches are case-sensitive (no nocase) and the User-Agent match covers the
# whole header line including its CRLF, so only this exact string and spacing alerts.
# classtype stays trojan-activity even though the msg category is "ET USER_AGENTS".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; metadata: former_category TROJAN; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:6; metadata:created_at 2010_07_30, updated_at 2017_10_30;)
Added 2017-10-30 16:39:45 UTC
# sid:2009525 rev:5 -- same detection options as the other rev:5 entries on this page;
# this copy adds metadata:created_at 2010_07_30, updated_at 2010_07_30.
# The rev number did not change when the metadata was added, so sid and rev alone do not
# identify the exact rule text when comparing deployed rules against this history.
# Matches GET in http_method and the header line
# "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)" followed by CRLF in http_header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 21:02:40 UTC
# sid:2009525 rev:5 -- carries no metadata keyword, and the references are listed before
# classtype; the match logic is the same as in the other rev:5 entries on this page.
# Alerts on a GET request from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose headers
# contain the exact line "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)" plus CRLF.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; classtype:trojan-activity; sid:2009525; rev:5;)
Added 2011-10-12 19:27:37 UTC
# sid:2009525 rev:5 -- classtype appears before the references in this copy, and the
# cvsweb.cgi reference found in the oldest rev:5 entry on this page is absent.
# The rev number is unchanged, so this is a text-only difference within rev:5.
# Detection is unchanged: GET in http_method plus the exact User-Agent header line,
# terminated by CRLF, in http_header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; classtype:trojan-activity; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; sid:2009525; rev:5;)
Added 2011-09-14 22:40:55 UTC
# sid:2009525 rev:5 -- oldest entry on this page that uses the http_method and
# http_header content modifiers; rev:2 and rev:1 matched the raw payload instead, and
# rev:3 and rev:4 are not listed here.
# "GET" is matched in the method buffer, and the User-Agent pattern no longer carries the
# leading |0d0a| used in rev:2; ":" and ";" are written as |3a| and |3b| rather than "\:"
# and "\;".
# Includes a cvsweb.cgi reference that the later rev:5 copies on this page drop.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Opera/8.81 (Windows NT 6.0|3b| U|3b| en)|0d0a|"; http_header; classtype:trojan-activity; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; reference:url,doc.emergingthreats.net/2009525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sality; sid:2009525; rev:5;)
Added 2011-02-04 17:28:52 UTC
# sid:2009525 rev:2 -- raw-payload form of the signature: neither content has an HTTP
# buffer modifier, so both are matched against the TCP payload as sent.
# content:"GET "; depth:5 looks for the 4-byte string within the first 5 payload bytes,
# which allows it to begin at offset 0 or 1.
# The second content requires CRLF, the literal header line
# "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)", then CRLF; it is case-sensitive and
# carries no offset or distance, so it may match anywhere in the inspected payload.
# Relative to rev:1 only the doc.emergingthreats.net and cvsweb.cgi references were added.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET "; depth:5; content:"|0d0a|User-Agent\: Opera/8.81 (Windows NT 6.0\; U\; en)|0d0a|"; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sality; sid:2009525; rev:2;)
Added 2009-07-09 18:45:36 UTC
# sid:2009525 rev:2 -- duplicate of the other rev:2 entry on this page, listed with the
# same "Added" timestamp.
# Payload-only match: "GET " within the first 5 bytes, then the CRLF-delimited header
# line "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)" anywhere in the payload.
# NOTE(review): without HTTP buffer modifiers the match presumably depends on the exact
# bytes on the wire (header-name case, single space after the colon) -- confirm before
# comparing its hit rate with the later http_header revisions.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET "; depth:5; content:"|0d0a|User-Agent\: Opera/8.81 (Windows NT 6.0\; U\; en)|0d0a|"; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sality; sid:2009525; rev:2;)
Added 2009-07-09 18:45:36 UTC
# sid:2009525 rev:1 -- earliest revision on this page.
# Alerts on an established client-to-server TCP flow from $HOME_NET to $EXTERNAL_NET on
# $HTTP_PORTS when the payload has "GET " within its first 5 bytes and contains CRLF, the
# literal header line "User-Agent: Opera/8.81 (Windows NT 6.0; U; en)", then CRLF.
# Only the two vendor write-up references are present; the doc.emergingthreats.net and
# cvsweb.cgi references appear from rev:2.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Sality - Fake Opera User-Agent"; flow:established,to_server; content:"GET "; depth:5; content:"|0d0a|User-Agent\: Opera/8.81 (Windows NT 6.0\; U\; en)|0d0a|"; reference:url,www.spywareremove.com/removeTrojanDownloaderSalityG.html; reference:url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM; classtype:trojan-activity; sid:2009525; rev:1;)
Added 2009-07-09 13:37:47 UTC