# Purpose: alert on an outbound HTTP request whose URI carries the parameter
# pattern that msg attributes to a SpyShredder fake anti-spyware installer download.
# Scope: established TCP sessions, client-to-server, $HOME_NET -> $EXTERNAL_NET,
# destination port in $HTTP_PORTS only. The same request sent to a port outside
# $HTTP_PORTS is never evaluated by this rule.
# Match: all six content strings must be present in the HTTP request URI buffer
# (http_uri). No distance/within/offset/depth is set, so their relative order is
# not enforced. "&advid=", "&u=", "&p=" and "&vs=" are case-insensitive (nocase);
# "?=______" and the "&YZYYYY..." run are case-sensitive literals.
# NOTE(review): the two fixed literal runs look specific to the observed sample.
# A request that varies them will not match, so absence of this alert is not
# evidence of absence.
# NOTE(review): the "?" after "SpyShredder" in msg is probably a wiki rendering
# artifact (unlinked WikiWord) rather than part of the distributed rule text.
# Confirm against the published ruleset before copying.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; content:"&advid="; nocase; http_uri; content:"&u="; nocase; http_uri; content:"&p="; nocase; http_uri; content:"?=______"; http_uri; content:"&vs="; nocase; http_uri; content:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; http_uri; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; classtype:trojan-activity; sid:2007593; rev:5;)

Added 2011-10-12 19:23:23 UTC


# Purpose: rev:5 of sid 2007593 as recorded 2011-09-14. Alerts on an outbound
# HTTP request (established, to_server, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS)
# whose URI contains all six content strings below.
# The detection options are the same as in the 2011-10-12 entry on this page.
# Only the position of classtype relative to reference differs, and rev was not
# incremented. Compare rule text, not rev alone, when checking which copy a
# sensor has loaded.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; content:"&advid="; nocase; http_uri; content:"&u="; nocase; http_uri; content:"&p="; nocase; http_uri; content:"?=______"; http_uri; content:"&vs="; nocase; http_uri; content:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; sid:2007593; rev:5;)

Added 2011-09-14 22:36:57 UTC


# Purpose: rev:5 of sid 2007593 as recorded 2011-02-04. Alerts on an outbound
# HTTP request (established, to_server, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS)
# whose URI contains all six content strings below.
# This is the earliest entry on the page written as content + http_uri rather
# than uricontent. The page shows no rev:4 entry between rev:3 and this one.
# It also carries a second reference (the cvsweb URL) that the later rev:5
# entries on this page no longer include. The match options are unchanged by that.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; content:"&advid="; nocase; http_uri; content:"&u="; nocase; http_uri; content:"&p="; nocase; http_uri; content:"?=______"; http_uri; content:"&vs="; nocase; http_uri; content:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_SpyShredder; sid:2007593; rev:5;)

Added 2011-02-04 17:26:42 UTC


# Purpose: rev:3 of sid 2007593 as recorded 2009-02-09 21:30:22. Alerts on an
# outbound HTTP request (established, to_server, $HOME_NET -> $EXTERNAL_NET on
# $HTTP_PORTS) whose URI contains all six strings below.
# uricontent is the older keyword form. Snort documents it as equivalent to
# content followed by http_uri, so the strings are the same six as in rev:5.
# "?=______" and the "&YZYYYY..." run have no nocase and match case-sensitively.
# Compared with rev:2 on this page, the only visible change is the two added
# reference options.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_SpyShredder; sid:2007593; rev:3;)

Added 2009-02-09 21:30:22 UTC


# Purpose: rev:3 of sid 2007593, alerting on an outbound HTTP request whose URI
# contains all six uricontent strings below (four nocase, two case-sensitive).
# Duplicate record: the rule text and the "Added" timestamp (2009-02-09 21:30:22)
# are the same as the preceding rev:3 entry on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_SpyShredder; sid:2007593; rev:3;)

Added 2009-02-09 21:30:22 UTC


# Purpose: rev:3 of sid 2007593 as recorded 2009-02-09 21:29:23, alerting on an
# outbound HTTP request whose URI contains all six uricontent strings below
# (four nocase, two case-sensitive), on established to_server flows to $HTTP_PORTS.
# The rule text is the same as the rev:3 entries recorded at 21:30:22 on this
# page. Only the recorded timestamp differs.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_SpyShredder; sid:2007593; rev:3;)

Added 2009-02-09 21:29:23 UTC


# Purpose: rev:3 of sid 2007593, alerting on an outbound HTTP request whose URI
# contains all six uricontent strings below (four nocase, two case-sensitive).
# Duplicate record: the rule text and the "Added" timestamp (2009-02-09 21:29:23)
# are the same as the preceding rev:3 entry on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2007593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_SpyShredder; sid:2007593; rev:3;)

Added 2009-02-09 21:29:23 UTC


# Purpose: rev:2 of sid 2007593 as recorded 2008-01-28. Alerts on an outbound
# HTTP request (established, to_server, $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS)
# whose URI contains all six uricontent strings below.
# This revision has no reference options, so an alert from it carries no link
# back to documentation. Compared with rev:1 on this page, the only visible
# change is the msg prefix (BLEEDING-EDGE -> ET).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; sid:2007593; rev:2;)

Added 2008-01-28 17:24:19 UTC


# Purpose: rev:2 of sid 2007593, alerting on an outbound HTTP request whose URI
# contains all six uricontent strings below (four nocase, two case-sensitive).
# Duplicate record: the rule text and the "Added" timestamp (2008-01-28 17:24:19)
# are the same as the preceding rev:2 entry on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; sid:2007593; rev:2;)

Added 2008-01-28 17:24:19 UTC


# Purpose: rev:1 of sid 2007593 as recorded 2007-09-03, the earliest revision on
# this page. Alerts on an outbound HTTP request (established, to_server,
# $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS) whose URI contains all six
# uricontent strings below. Four are nocase. "?=______" and the "&YZYYYY..."
# run are case-sensitive.
# msg uses the "BLEEDING-EDGE MALWARE" prefix where later revisions use
# "ET MALWARE". Alert searches keyed on the msg text need both prefixes to cover
# historical data. The sid is the same across all revisions shown.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE SpyShredder? Fake Anti-Spyware Install Download"; flow:established,to_server; uricontent:"&advid="; nocase; uricontent:"&u="; nocase; uricontent:"&p="; nocase; uricontent:"?=______"; uricontent:"&vs="; nocase; uricontent:"&YZYYYYYYYYYYYYYYYYYYYYYYYYYY"; classtype:trojan-activity; sid:2007593; rev:1;)

Added 2007-09-03 13:16:46 UTC

From the sandnet analysis

-- ShirkDog - 19 Oct 2007


Topic revision: r2 - 2007-10-19 - ShirkDog
 