EditAttachPrintable
r1 - 10 Sep 2008 - 19:15:21 - TWikiGuestYou are here: TWiki >  Main Web > 2008490

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.Win32.E-Group.n Checkin"; flow:to_server,established; uricontent:"login="; nocase; uricontent:"&brokerid="; nocase; uricontent:"&extlogin="; nocase; uricontent:"&autosize="; nocase; uricontent:"&icp="; nocase; uricontent:"&id_site="; nocase; uricontent:"&referer1="; nocase; uricontent:"&dl_tracker="; nocase; uricontent:"&connection_type="; nocase; classtype:trojan-activity; sid:2008490; rev:2;)

Added 2008-09-10 15:15:21 UTC

 

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.Win32.E-Group.n Checkin"; flow:to_server,established; uricontent:"login="; nocase; uricontent:"&brokerid="; nocase; uricontent:"&extlogin="; nocase; uricontent:"&autosize="; nocase; uricontent:"&icp="; nocase; uricontent:"&id_site="; nocase; uricontent:"&referer1="; nocase; uricontent:"&dl_tracker="; nocase; uricontent:"&connection_type="; nocase; classtype:trojan-activity; sid:2008490; rev:2;)

Added 2008-09-10 15:15:21 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.Win32.E-Group.n Checkin"; flow:to_server,established; uricontent:"login="; nocase; uricontent:"&brokerid="; nocase; uricontent:"&extlogin="; nocase; uricontent:"&autosize="; nocase; uricontent:"&icp="; nocase; uricontent:"&id_site="; nocase; uricontent:"&referer1="; nocase; uricontent:"&dl_tracker="; nocase; uricontent:"&connection_type="; nocase; sid:2008490; rev:1;)

Added 2008-08-02 17:00:22 UTC

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback