# sid 2008474, rev 4: alerts on an outbound HTTP request ($HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS),
# classified as trojan-activity. All of the following must hit on an established, client-to-server flow:
#   - the URI contains "&ID={" (declared as the fast-pattern content) and "&rand=";
#   - the HTTP header buffer contains "User-Agent:Mozilla/4.0 (compatible;" (|3a| is ':', |3b| is ';');
#   - the pcre, run against the URI buffer (/U), requires &ID= followed by a brace-wrapped
#     8-4-4-4-12 hex value (\x7b is '{', \x7d is '}'), i.e. a GUID-shaped identifier.
# Unlike the rev 3 text shown on this page, the ?B= / &V= / &M= / &R= URI parameters are no longer required.
# NOTE(review): the pcre has no /i flag and accepts only 0-9 and A-F, so a lowercase-hex ID would not match - confirm this is intended.
# NOTE(review): the User-Agent content has no space after the colon; whether it matches depends on how the
#   sensor's http_header buffer presents the header - verify against a capture before relying on this revision.
# NOTE(review): the "?" after Look2Me in msg looks like a wiki-rendering artifact - compare with the distributed rule before copying.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; content:"&ID={"; http_uri; fast_pattern:only; content:"&rand="; http_uri; content:"User-Agent|3a|Mozilla/4.0 (compatible|3b|"; http_header; pcre:"/&ID=\x7b[0-9A-F]{8}(?:-[A-F0-9]{4}){3}-[A-F0-9]{12}\x7d/U"; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; classtype:trojan-activity; sid:2008474; rev:4;)

Added 2014-03-07 19:27:57 UTC


# sid 2008474, rev 3 (snapshot dated 2011-10-12 on this page): alerts on an established, client-to-server
# HTTP flow from $HOME_NET whose URI contains all five strings ?B=, &V=, &M=, &R= and &ID={.
# The contents carry no distance/within modifiers, so they are not tied to any order or spacing in the URI.
# This snapshot keeps a single reference (the doc.emergingthreats.net page) and lists it before classtype.
# NOTE(review): the four short parameter strings are generic; "&ID={" is the most specific anchor and nothing
#   here checks the shape of the ID value - expect this revision to be looser than one that validates the ID.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; content:"?B="; http_uri; content:"&V="; http_uri; content:"&M="; http_uri; content:"&R="; http_uri; content:"&ID={"; http_uri; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; classtype:trojan-activity; sid:2008474; rev:3;)

Added 2011-10-12 19:25:13 UTC


# sid 2008474, rev 3 (snapshot dated 2011-09-14 on this page): alerts on an established, client-to-server
# HTTP flow from $HOME_NET whose URI contains all five strings ?B=, &V=, &M=, &R= and &ID={.
# Each content is restricted to the URI buffer with http_uri; none is positioned relative to another.
# Here classtype precedes the single doc.emergingthreats.net reference; option order among these
# metadata keywords does not affect what traffic matches.
# NOTE(review): sid and rev are unchanged although the rule text differs from other rev 3 snapshots on this
#   page - treat the rev number alone as insufficient to identify the exact text deployed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; content:"?B="; http_uri; content:"&V="; http_uri; content:"&M="; http_uri; content:"&R="; http_uri; content:"&ID={"; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; sid:2008474; rev:3;)

Added 2011-09-14 22:38:40 UTC


# sid 2008474, rev 3 (snapshot dated 2011-02-04 on this page): alerts on an established, client-to-server
# HTTP flow from $HOME_NET whose URI contains all five strings ?B=, &V=, &M=, &R= and &ID={.
# This is the first snapshot on the page written as content + http_uri rather than uricontent.
# It carries two references: the doc.emergingthreats.net page and a cvsweb path for the signature file.
# NOTE(review): no option validates the value after "&ID={", so any URI carrying these five substrings matches.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; content:"?B="; http_uri; content:"&V="; http_uri; content:"&M="; http_uri; content:"&R="; http_uri; content:"&ID={"; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Look2me; sid:2008474; rev:3;)

Added 2011-02-04 17:27:39 UTC


# sid 2008474, rev 2 (snapshot dated 2009-02-08 17:45:22 on this page): alerts on an established,
# client-to-server flow from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose request URI contains
# ?B=, &V=, &M=, &R= and &ID={ - all five uricontent matches are required.
# uricontent is the legacy spelling of a content match restricted to the URI buffer.
# Two url references are attached (the doc page and the cvsweb signature path).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; uricontent:"?B="; uricontent:"&V="; uricontent:"&M="; uricontent:"&R="; uricontent:"&ID={"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Look2me; sid:2008474; rev:2;)

Added 2009-02-08 17:45:22 UTC


# sid 2008474, rev 2 (second entry stamped 2009-02-08 17:45:22 on this page): requires the five URI
# substrings ?B=, &V=, &M=, &R= and &ID={ on an established, client-to-server flow leaving $HOME_NET.
# The matches are case-sensitive (no nocase) and unordered (no distance/within).
# NOTE(review): this entry repeats the same timestamp as the one listed before it on the page -
#   presumably a duplicate history record rather than a separate change; confirm before counting revisions.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; uricontent:"?B="; uricontent:"&V="; uricontent:"&M="; uricontent:"&R="; uricontent:"&ID={"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Look2me; sid:2008474; rev:2;)

Added 2009-02-08 17:45:22 UTC


# sid 2008474, rev 2 (snapshot dated 2009-02-08 17:42:35 on this page): alerts when an established,
# client-to-server flow from $HOME_NET carries a URI containing ?B=, &V=, &M=, &R= and &ID={.
# Source port is "any"; destination is limited to $EXTERNAL_NET on $HTTP_PORTS, so the same request
# sent to a port outside $HTTP_PORTS is not inspected by this rule.
# Relative to rev 1 on this page, the visible change is the two added reference options.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; uricontent:"?B="; uricontent:"&V="; uricontent:"&M="; uricontent:"&R="; uricontent:"&ID={"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Look2me; sid:2008474; rev:2;)

Added 2009-02-08 17:42:35 UTC


# sid 2008474, rev 2 (second entry stamped 2009-02-08 17:42:35 on this page): the detection is five
# required uricontent matches - ?B=, &V=, &M=, &R=, &ID={ - on an established, client-to-server flow.
# classtype is trojan-activity; two url references point at the rule's documentation and its cvsweb source.
# NOTE(review): nothing constrains what follows "&ID={", so the brace is the only hint of a GUID-style value.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; uricontent:"?B="; uricontent:"&V="; uricontent:"&M="; uricontent:"&R="; uricontent:"&ID={"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2008474; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Look2me; sid:2008474; rev:2;)

Added 2009-02-08 17:42:35 UTC


# sid 2008474, rev 1 (dated 2008-07-25 on this page; the earliest revision listed): alerts on an
# established, client-to-server flow from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS whose URI contains
# all of ?B=, &V=, &M=, &R= and &ID={ (uricontent = content match against the URI buffer).
# This revision has no reference options, so the alert itself gives an analyst no pointer to documentation.
# NOTE(review): the "?" after Look2Me in msg looks like a wiki-rendering artifact - compare with the distributed rule before copying.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me? Activity"; flow:established,to_server; uricontent:"?B="; uricontent:"&V="; uricontent:"&M="; uricontent:"&R="; uricontent:"&ID={"; classtype:trojan-activity; sid:2008474; rev:1;)

Added 2008-07-25 13:00:22 UTC

