#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"|0d 0a|User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:3;)

Added 2008-03-06 02:24:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"|0d 0a|User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:3;)

Added 2008-03-06 02:24:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:2;)

Added 2008-01-28 17:24:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:2;)

Added 2008-01-28 17:24:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)

Added 2007-08-10 01:09:21 UTC

From the sandnet analysis

-- ShirkDog? - 20 Aug 2007


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)

Added 2007-08-02 02:01:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate?)"; flow:established,to_server; content:"User-Agent\: WebUpdate?|0d 0a|"; classtype:trojan-activity; sid:2006424; rev:1;)

Added 2007-07-25 00:01:54 UTC


Topic revision: r2 - 2007-08-20 - ShirkDog?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats