alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila 4.0...)"; flow:to_server,established; content:"User-Agent\: Mozila"; nocase; classtype:trojan-activity; sid:2006412; rev:2;)

Added 2008-01-28 17:24:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila 4.0...)"; flow:to_server,established; content:"User-Agent\: Mozila"; nocase; classtype:trojan-activity; sid:2006412; rev:2;)

Added 2008-01-28 17:24:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila 4.0...)"; flow:to_server,established; content:"User-Agent\: Mozila"; nocase; classtype:trojan-activity; sid:2006412; rev:1;)

Added 2007-07-19 06:45:58 UTC

From the sandnet analysis. A misspelling that is not seen in any Mozilla software.

-- ShirkDog? - 08 Aug 2007


Topic revision: r2 - 2007-08-08 - ShirkDog?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats