# sid 2008212 rev 5 with ruleset metadata appended; the detection options are the same as the
# rev 5 entry without metadata that appears further down this page.
# Fires on established client-to-server traffic to tcp/25 that contains "Optix Pro v" and, at or
# after the end of that match (distance:0), "Installed Trojan Port:" (|3a| is the colon).
# NOTE(review): only destination port 25 is inspected, and both content matches need cleartext
# payload; mail sent on other ports or inside TLS would not be seen by this rule. Confirm coverage.
# NOTE(review): created_at 2010_07_30 is later than the 2008-05-13 first-add recorded on this
# page, so do not read it as the rule's first-seen date (presumably a ruleset migration date).
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"Optix Pro v"; content:"Installed Trojan Port|3a|"; distance:0; reference:url,en.wikipedia.org/wiki/Optix_Pro; classtype:trojan-activity; sid:2008212; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:23 UTC


# sid 2008212 rev 5: the header-anchored match used through rev 4 (X-Priority / X-Library: Indy)
# is replaced by two strings, "Optix Pro v" followed later by "Installed Trojan Port:".
# The doc.emergingthreats.net reference present in rev 4 is no longer listed.
# Both content matches are case-sensitive (no nocase modifier).
# NOTE(review): the sample notification captured on this page contains "Optix Pro v" but not
# "Installed Trojan Port:", so rev 5 presumably targets a different notification format.
# Verify against a current capture before relying on it for the variant shown below.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"Optix Pro v"; content:"Installed Trojan Port|3a|"; distance:0; reference:url,en.wikipedia.org/wiki/Optix_Pro; classtype:trojan-activity; sid:2008212; rev:5;)

Added 2013-08-19 22:51:09 UTC


# sid 2008212 rev 4 (2011-10-12 entry): same detection options as the 2011-09-14 entry; only the
# position of classtype relative to the reference options differs.
# First content anchors on the header pair "\r\nX-Priority: 3\r\nX-Library: Indy ".
# Second content is relative to the end of that match: distance:4 skips at least four bytes (the
# start of the Indy version string, "8.0.22" in the sample on this page) and within:25 bounds the
# window in which the blank line plus "Optix Pro v" must appear.
# NOTE(review): tied to tcp/25 and to the exact header order and case shown; a different mail
# library, header order or port would not match.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority|3a| 3|0d 0a|X-Library|3a| Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; reference:url,en.wikipedia.org/wiki/Optix_Pro; reference:url,doc.emergingthreats.net/2008212; classtype:trojan-activity; sid:2008212; rev:4;)

Added 2011-10-12 19:24:40 UTC


# sid 2008212 rev 4 (2011-09-14 entry): the cvsweb.cgi reference listed in the 2011-02-04 entry is
# dropped; the content, distance and within options are unchanged.
# Matches the "X-Priority: 3" / "X-Library: Indy " header pair, then the end of headers followed
# by a body that begins with "Optix Pro v".
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority|3a| 3|0d 0a|X-Library|3a| Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Optix_Pro; reference:url,doc.emergingthreats.net/2008212; sid:2008212; rev:4;)

Added 2011-09-14 22:38:07 UTC


# sid 2008212 rev 4 (2011-02-04 entry): the escaped colons ("\:") used in rev 3 are written as
# hex "|3a|" here; both forms denote a literal ':' so the bytes matched are the same.
# Matches the "X-Priority: 3" / "X-Library: Indy " header pair, then the end of headers followed
# by a body that begins with "Optix Pro v".
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority|3a| 3|0d 0a|X-Library|3a| Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Optix_Pro; reference:url,doc.emergingthreats.net/2008212; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Optix; sid:2008212; rev:4;)

Added 2011-02-04 17:27:18 UTC


# sid 2008212 rev 3: adds the doc.emergingthreats.net and cvsweb.cgi references to rev 2;
# the content, distance and within options are unchanged from rev 2.
# This page lists the rev 3 text twice under the same 2009-02-13 timestamp.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority\: 3|0d 0a|X-Library\: Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Optix_Pro; reference:url,doc.emergingthreats.net/2008212; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Optix; sid:2008212; rev:3;)

Added 2009-02-13 19:30:23 UTC


# sid 2008212 rev 3, listed a second time with the same text and the same 2009-02-13 timestamp.
# Matches the "X-Priority: 3" / "X-Library: Indy " header pair followed by a body that begins
# with "Optix Pro v".
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority\: 3|0d 0a|X-Library\: Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Optix_Pro; reference:url,doc.emergingthreats.net/2008212; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Optix; sid:2008212; rev:3;)

Added 2009-02-13 19:30:23 UTC


# sid 2008212 rev 2: adds the Wikipedia reference to rev 1; detection options are unchanged.
# This page lists the rev 2 text twice under the same 2008-05-13 14:19:21 timestamp.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority\: 3|0d 0a|X-Library\: Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Optix_Pro; sid:2008212; rev:2;)

Added 2008-05-13 14:19:21 UTC


# sid 2008212 rev 2, listed a second time with the same text and the same timestamp.
# Matches the "X-Priority: 3" / "X-Library: Indy " header pair followed by a body that begins
# with "Optix Pro v".
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority\: 3|0d 0a|X-Library\: Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; reference:url,en.wikipedia.org/wiki/Optix_Pro; sid:2008212; rev:2;)

Added 2008-05-13 14:19:21 UTC


# sid 2008212 rev 1: the initial signature, written from the sample email reproduced on this page.
# Scope: established client-to-server traffic from $HOME_NET to $EXTERNAL_NET on tcp/25.
# First content: "\r\nX-Priority: 3\r\nX-Library: Indy " (the last two headers in the sample).
# Second content: "\r\n\r\nOptix Pro v", searched relative to the first match; distance:4 skips
# at least four bytes of the Indy version string and within:25 bounds the search window, so the
# trojan banner must open the message body directly after the headers.
# NOTE(review): no nocase modifier, so header and banner case must match exactly.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email"; flow:established,to_server; content:"|0d 0a|X-Priority\: 3|0d 0a|X-Library\: Indy "; content:"|0d 0a 0d 0a|Optix Pro v"; distance:4; within:25; classtype:trojan-activity; sid:2008212; rev:1;)

Added 2008-05-13 09:29:26 UTC

RE 9fcea128aeff455ff8f6c9558dd150fd (sample identifier; 32 hex digits, presumably an MD5 hash)

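The sample sends a notification email like the one below (the addresses and the password appear as x's in this capture). The rev 1–4 signatures above key on the "X-Library: Indy" header and on the "Optix Pro v" line that opens the body. The body carries the infected host's IP address, server port and server password in clear text: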

From: xxxxxxxxxx@yahoo.com
Subject: (<(2333)>)x133 is Online
To: xxxxxxxxx@mail2world.com
Sender: xxxxxxx@yahoo.com
Date: Tue, 13 May 2008 05:14:22 -0400
X-Priority: 3
X-Library: Indy 8.0.22

Optix Pro v1.0 Vic: (<(2333)>)x133 is Online

IP ADDRESS=[192.168.3.2]
Server Port=3410

Server Password=xxxx
.

-- MattJonkman - 13 May 2008


Topic revision: r2 - 2008-05-13 - MattJonkman
 