# sid 2001663, rev 11: outbound HTTP requests whose Host header contains "myway.com".
# - Direction: client-to-server packets on an established TCP session, from $HOME_NET
#   to $EXTERNAL_NET on $HTTP_PORTS.
# - content:"Host\:" must occur in the first 250 payload bytes; "myway.com" (nocase)
#   must then occur within the 20 bytes that follow it. This is a substring match, so
#   any longer hostname containing that string also matches.
# - The negated content suppresses the alert when CRLF + "Referer: http://dell" lies
#   entirely within the first 100 payload bytes. A Referer header that starts later in
#   the request is outside this window, so the exclusion may not cover every
#   Dell-referred request.
# - threshold: at most 2 alerts per source address in each 360-second window.
# NOTE(review): the "?" after MyWebSearch in msg looks like a wiki rendering artifact
# rather than part of the published rule text; confirm before deploying a copy.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)

Added 2008-04-02 08:53:20 UTC


# Repeated listing of sid 2001663 rev 11; the rule text is identical to the entry above.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)

Added 2008-04-02 08:53:20 UTC


# sid 2001663 rev 11 again, listed with an earlier "Added" timestamp (08:49:45); the rule
# text is identical to the rev 11 entries above.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)

Added 2008-04-02 08:49:45 UTC


# Repeated listing of sid 2001663 rev 11; the rule text is identical to the entry above.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)

Added 2008-04-02 08:49:45 UTC


# sid 2001663, rev 10: first revision listed here that carries the negated content match.
# The alert is suppressed when CRLF + "Referer: http://dell" lies entirely within the
# first 100 payload bytes; a Referer header starting later in the request is outside
# that window. The Host / "myway.com" match (Host: in the first 250 bytes, "myway.com"
# nocase within the next 20) and the threshold (2 alerts per source per 360 seconds)
# are the same as in rev 9. The msg text repeats the word "Malware"; rev 11 drops the
# duplicate.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:10;)

Added 2008-03-24 23:55:07 UTC


# Repeated listing of sid 2001663 rev 10; the rule text is identical to the entry above.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:10;)

Added 2008-03-24 23:55:07 UTC


# sid 2001663, rev 9: alerts on outbound client-to-server HTTP traffic where "Host:"
# occurs in the first 250 payload bytes and "myway.com" (nocase) occurs within the 20
# bytes that follow it. This revision has no Referer exclusion, so every request to a
# matching Host value alerts regardless of what referred it.
# threshold: at most 2 alerts per source address in each 360-second window.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:9;)

Added 2008-02-01 14:32:22 UTC

This rule also flags Dell support traffic as MyWebSearch (a false positive):

Topic revision: r2 - 2008-03-24 - JackPepper
 