# sid:2013488 rev:4 - Zeus connectivity check: a bare "GET /" to www.bing.com with a fixed header layout.
# Match logic, as written in the rule below:
#   - http_host must be exactly "www.bing.com": the 12-byte pattern with depth:12 plus isdataat:!1,relative
#     leaves no room for a longer host name.
#   - the http_start buffer must open with the 60-byte sequence request line / Accept / Connection: Close /
#     "User-Agent: "; depth:60 equals the pattern length, so the match is pinned to offset 0.
#     The User-Agent value itself is not constrained.
#   - ": no-cache" must appear in the headers, and no Referer header name may be present.
# Triage: the destination is a legitimate site, so the alert rests entirely on header order and casing.
# NOTE(review): other minimal HTTP clients could plausibly send the same layout - corroborate with host-side
# evidence before treating a hit as a confirmed infection.
# Coverage: cleartext HTTP only; the same check made over TLS is not visible to this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"www.bing.com"; http_host; depth:12; isdataat:!1,relative; content:"|3a 20|no-cache"; http_header; http_start; content:"GET / HTTP/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|Connection|3a 20|Close|0d 0a|User-Agent|3a 20|"; depth:60; http_header_names; content:!"Referer"; metadata: former_category MALWARE; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2013488; rev:4; metadata:created_at 2011_08_30, updated_at 2020_02_04;)

Added 2020-02-04 20:21:07 UTC


# sid:2013488 rev:3 with "metadata: former_category MALWARE" added; rev and updated_at were left unchanged
# for this metadata-only edit, so the rev number alone does not distinguish it from the plain rev:3 text.
# Apart from the http_method check on "GET", the content matches carry no HTTP buffer modifier and are
# therefore evaluated against the raw payload.
# The Host pattern is not terminated by CRLF: any Host value that merely begins with "www.bing.com"
# satisfies it (rev:4 on this page pins the host exactly).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET"; nocase; http_method; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; metadata: former_category MALWARE; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2013488; rev:3; metadata:created_at 2011_08_30, updated_at 2011_08_30;)

Added 2019-09-26 19:56:57 UTC


# sid:2013488 rev:3 - same rule text as the other rev:3 entry without former_category on this page;
# a re-listing only, with no change to detection.
# The ": no-cache" pattern has no position or buffer constraint, so it matches anywhere in the payload
# and does not tie the value to a particular header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET"; nocase; http_method; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2013488; rev:3; metadata:created_at 2011_08_30, updated_at 2011_08_30;)

Added 2018-09-13 19:43:31 UTC


Added 2018-09-13 17:55:50 UTC


# sid:2013488 rev:3 - "alert http" form of the rule: the destination port is "any" instead of
# $HTTP_PORTS, so a match no longer depends on the port list.
# Compared with the rev:1 text on this page it adds an http_method check for "GET" and
# created_at/updated_at metadata; the payload content matches themselves are unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET"; nocase; http_method; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2013488; rev:3; metadata:created_at 2011_08_30, updated_at 2011_08_30;)

Added 2017-08-07 21:06:48 UTC


# sid:2013488 rev:1 - original "alert tcp" form: payload-only matching, with no HTTP buffers used.
# Only traffic to $HTTP_PORTS is inspected; the same request sent to any other port is outside this revision's scope.
# depth:60 equals the length of the first pattern, so the request line and the Accept / Connection /
# "User-Agent: " header order must sit at the very start of the inspected payload.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2013488; rev:1;)

Added 2011-10-12 19:36:58 UTC


# sid:2013488 rev:1 - same detection logic as the other rev:1 entry on this page; only the position of
# classtype relative to the reference keywords differs.
# Summary: outbound TCP to $HTTP_PORTS whose payload starts with the fixed "GET /" + Accept +
# Connection: Close + "User-Agent: " sequence, followed by a Host header beginning with www.bing.com,
# containing ": no-cache", and carrying no Referer header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| www.bing.com"; distance:0; content:!"|0d 0a|Referer|3a| "; nocase; content:"|3a| no-cache"; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2013488; rev:1;)

Added 2011-08-31 10:23:42 UTC

