# sid 2002402 rev 19: alerts on client-to-server HTTP traffic from $HOME_NET to $EXTERNAL_NET whose
# header buffer contains "UtilMind HTTPGet", unless a Host header names www.blueocean.com or
# www.backupmaker.com. The threshold emits at most one alert per source address every 360 seconds.
# NOTE(review): the www.blueocean.com exclusion carries only nocase, while the www.backupmaker.com
# exclusion also carries http_header; the first is presumably matched against a different buffer. Confirm.
# NOTE(review): both exclusions depend on the client-supplied Host header; check the destination when triaging.
# NOTE(review): the "?" after UtilMind in msg looks like a wiki rendering artifact. Verify against the rule file.
# NOTE(review): metadata created_at 2010_07_30 is later than the earliest revision dates on this page (2007).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spyware Related User-Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; content:!"Host|3a| www.blueocean.com"; nocase; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:19; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:55:56 UTC


# sid 2002402 rev 19 (this copy has no metadata keyword): alerts on client-to-server HTTP traffic whose
# header buffer contains "UtilMind HTTPGet", unless a Host header names www.blueocean.com or
# www.backupmaker.com. The threshold emits at most one alert per source address every 360 seconds.
# NOTE(review): the www.blueocean.com exclusion carries only nocase, while the www.backupmaker.com
# exclusion also carries http_header. Confirm the missing modifier is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spyware Related User-Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; content:!"Host|3a| www.blueocean.com"; nocase; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:19;)

Added 2015-08-18 19:40:25 UTC


# sid 2002402 rev 19 (this copy has no metadata keyword): alerts on client-to-server HTTP traffic whose
# header buffer contains "UtilMind HTTPGet", unless a Host header names www.blueocean.com or
# www.backupmaker.com. The threshold emits at most one alert per source address every 360 seconds.
# NOTE(review): the www.blueocean.com exclusion carries only nocase, while the www.backupmaker.com
# exclusion also carries http_header. Confirm the missing modifier is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spyware Related User-Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; content:!"Host|3a| www.blueocean.com"; nocase; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:19;)

Added 2015-08-18 19:30:34 UTC


# sid 2002402 rev 19 (this copy has no metadata keyword): alerts on client-to-server HTTP traffic whose
# header buffer contains "UtilMind HTTPGet", unless a Host header names www.blueocean.com or
# www.backupmaker.com. The threshold emits at most one alert per source address every 360 seconds.
# NOTE(review): the www.blueocean.com exclusion carries only nocase, while the www.backupmaker.com
# exclusion also carries http_header. Confirm the missing modifier is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spyware Related User-Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; content:!"Host|3a| www.blueocean.com"; nocase; content:!"Host|3a 20|www.backupmaker.com"; http_header; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:19;)

Added 2015-08-18 19:18:38 UTC


# sid 2002402 rev 18: alerts on client-to-server HTTP traffic whose header buffer contains
# "UtilMind HTTPGet", with negated Host matches for www.blueocean.com and www.backupmaker.com.
# NOTE(review): in "Host|3a 20| www.backupmaker.com" the bytes |3a 20| already encode ": " and are followed
# by a literal space, so the pattern requires two spaces after the colon. A normally formatted Host header
# would presumably never match it, leaving the backupmaker exclusion without effect in this revision.
# NOTE(review): the www.blueocean.com exclusion carries only nocase, not http_header. Confirm this is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spyware Related User-Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; content:!"Host|3a| www.blueocean.com"; nocase; content:!"Host|3a 20| www.backupmaker.com"; http_header; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:18;)

Added 2015-08-10 20:21:43 UTC


# sid 2002402 rev 15: written as "alert tcp" to $HTTP_PORTS rather than "alert http" to any port, so
# traffic on ports outside $HTTP_PORTS is not inspected by this revision.
# Fires when the HTTP header buffer contains "UtilMind HTTPGet" and does not contain
# "Host: www.blueocean.com" (case-insensitive); this is the only exclusion in this revision.
# The threshold emits at most one alert per source address every 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Spyware Related User-Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; content:!"Host|3a| www.blueocean.com"; nocase; http_header; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:15;)

Added 2011-12-15 18:09:05 UTC


# sid 2002402 rev 14 (msg category ET USER_AGENTS): the header buffer must contain "UtilMind HTTPGet",
# and the pcre (flags iH) additionally requires that string to follow "User-Agent:" on the same line.
# Suppressed when the header buffer contains "Host: www.blueocean.com" (case-insensitive).
# The threshold emits at most one alert per source address every 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/iH"; content:!"Host|3a| www.blueocean.com"; nocase; http_header; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; classtype:trojan-activity; sid:2002402; rev:14;)

Added 2011-10-12 19:11:36 UTC


# sid 2002402 rev 14 (msg category ET USER_AGENTS): the header buffer must contain "UtilMind HTTPGet",
# and the pcre (flags iH) additionally requires that string to follow "User-Agent:" on the same line.
# Suppressed when the header buffer contains "Host: www.blueocean.com" (case-insensitive).
# The threshold emits at most one alert per source address every 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/iH"; content:!"Host|3a| www.blueocean.com"; nocase; http_header; threshold: type limit, count 1, track by_src, seconds 360; classtype:trojan-activity; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; sid:2002402; rev:14;)

Added 2011-09-14 21:39:18 UTC


# sid 2002402 rev 14 (msg category ET USER_AGENTS; this copy also carries the cvsweb reference):
# the header buffer must contain "UtilMind HTTPGet", and the pcre (flags iH) additionally requires
# that string to follow "User-Agent:" on the same line.
# Suppressed when the header buffer contains "Host: www.blueocean.com" (case-insensitive).
# The threshold emits at most one alert per source address every 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"UtilMind HTTPGet"; http_header; fast_pattern:only; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/iH"; content:!"Host|3a| www.blueocean.com"; nocase; http_header; threshold: type limit, count 1, track by_src, seconds 360; classtype:trojan-activity; reference:url,www.websearch.com; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious; sid:2002402; rev:14;)

Added 2011-02-04 17:21:49 UTC


# sid 2002402 rev 11: no HTTP buffer modifiers, so every match here is made without them (presumably
# against the raw payload). Requires "User-Agent:" (nocase), then "UtilMind HTTPGet" within 150 bytes,
# then the pcre confirms both sit on one line.
# NOTE(review): the "UtilMind HTTPGet" content has no nocase while the pcre uses /i, so the content
# match is the stricter, case-sensitive condition.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious; sid:2002402; rev:11;)

Added 2009-10-19 09:15:43 UTC


# sid 2002402 rev 11: no HTTP buffer modifiers, so every match here is made without them (presumably
# against the raw payload). Requires "User-Agent:" (nocase), then "UtilMind HTTPGet" within 150 bytes,
# then the pcre confirms both sit on one line.
# NOTE(review): the "UtilMind HTTPGet" content has no nocase while the pcre uses /i, so the content
# match is the stricter, case-sensitive condition.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious; sid:2002402; rev:11;)

Added 2009-10-19 09:15:43 UTC


# sid 2002402 rev 9 (msg category ET MALWARE; cvsweb reference under sigs/MALWARE): no HTTP buffer
# modifiers. Requires "User-Agent:" (nocase), then case-sensitive "UtilMind HTTPGet" within 150 bytes,
# then the /i pcre confirms both sit on one line.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2002402; rev:9;)

Added 2009-02-09 21:30:23 UTC


# sid 2002402 rev 9 (msg category ET MALWARE; cvsweb reference under sigs/MALWARE): no HTTP buffer
# modifiers. Requires "User-Agent:" (nocase), then case-sensitive "UtilMind HTTPGet" within 150 bytes,
# then the /i pcre confirms both sit on one line.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2002402; rev:9;)

Added 2009-02-09 21:30:23 UTC


# sid 2002402 rev 9 (msg category ET MALWARE; cvsweb reference under sigs/MALWARE): no HTTP buffer
# modifiers. Requires "User-Agent:" (nocase), then case-sensitive "UtilMind HTTPGet" within 150 bytes,
# then the /i pcre confirms both sit on one line.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2002402; rev:9;)

Added 2009-02-09 21:29:24 UTC


# sid 2002402 rev 9 (msg category ET MALWARE; cvsweb reference under sigs/MALWARE): no HTTP buffer
# modifiers. Requires "User-Agent:" (nocase), then case-sensitive "UtilMind HTTPGet" within 150 bytes,
# then the /i pcre confirms both sit on one line.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2002402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents; sid:2002402; rev:9;)

Added 2009-02-09 21:29:24 UTC


# sid 2002402 rev 8: requires "User-Agent:" (nocase), then case-sensitive "UtilMind HTTPGet" within
# 150 bytes, then the /i pcre confirms both sit on one line. No HTTP buffer modifiers are used.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
# The only reference in this revision is www.websearch.com.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:8;)

Added 2008-05-09 17:01:40 UTC


# sid 2002402 rev 8: requires "User-Agent:" (nocase), then case-sensitive "UtilMind HTTPGet" within
# 150 bytes, then the /i pcre confirms both sit on one line. No HTTP buffer modifiers are used.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
# The only reference in this revision is www.websearch.com.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; content:"UtilMind HTTPGet"; within:150; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:8;)

Added 2008-05-09 17:01:40 UTC


# sid 2002402 rev 7: the only positive content match is the generic "User-Agent:" (nocase); the
# "UtilMind HTTPGet" string is checked solely by the /i pcre.
# NOTE(review): with no specific content to narrow candidates, the pcre presumably runs on most
# outbound requests that carry a User-Agent header. Confirm the performance impact.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:7;)

Added 2008-03-09 15:12:09 UTC


# sid 2002402 rev 7: the only positive content match is the generic "User-Agent:" (nocase); the
# "UtilMind HTTPGet" string is checked solely by the /i pcre.
# NOTE(review): with no specific content to narrow candidates, the pcre presumably runs on most
# outbound requests that carry a User-Agent header. Confirm the performance impact.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Spyware Related User Agent (UtilMind? HTTPGet)"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:7;)

Added 2008-03-09 15:12:09 UTC


# sid 2002402 rev 6: the msg ("Web Search User Agent 3") does not name the matched string; the
# detection itself is the /i pcre for "UtilMind HTTPGet" on a User-Agent line, gated only by the
# generic "User-Agent:" content (nocase).
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Web Search User Agent 3"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:6;)

Added 2008-01-28 17:24:20 UTC


# sid 2002402 rev 6: the msg ("Web Search User Agent 3") does not name the matched string; the
# detection itself is the /i pcre for "UtilMind HTTPGet" on a User-Agent line, gated only by the
# generic "User-Agent:" content (nocase).
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Web Search User Agent 3"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:6;)

Added 2008-01-28 17:24:20 UTC


# sid 2002402 rev 5 (msg prefix BLEEDING-EDGE): gated by the generic "User-Agent:" content (nocase);
# the /i pcre then requires "UtilMind HTTPGet" later on the same User-Agent line.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Web Search User Agent 3"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:5;)

Added 2007-03-08 17:05:01 UTC


# sid 2002402 rev 5 (msg prefix BLEEDING-EDGE): gated by the generic "User-Agent:" content (nocase);
# the /i pcre then requires "UtilMind HTTPGet" later on the same User-Agent line.
# Suppressed when "Host: www.blueocean.com" appears (nocase). One alert per source per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Web Search User Agent 3"; flow: to_server,established; content:"User-Agent\:"; nocase; pcre:"/User-Agent\:[^\n]+UtilMind HTTPGet/i"; content:!"Host\: www.blueocean.com"; nocase; threshold: type limit, count 1, track by_src, seconds 360; reference:url,www.websearch.com; classtype:trojan-activity; sid:2002402; rev:5;)

Added 2007-03-08 16:37:29 UTC

Added content:!"Host\: www.blueocean.com"; to eliminate hits from TrackIT software agents.

-- MattJonkman - 08 Mar 2007


Topic revision: r2 - 2007-03-08 - MattJonkman
 