alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?url="; nocase; http_uri; content:"&affid="; http_uri; fast_pattern; nocase; content:"User-Agent|3a| Mozilla/5.0 (compatible|3b| MSIE 6.0|3b| Windows XP)|0d 0a|"; http_header; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; reference:url,doc.emergingthreats.net/2009554; classtype:trojan-activity; sid:2009554; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?url="; nocase; http_uri; content:"&affid="; http_uri; fast_pattern; nocase; content:"User-Agent|3a| Mozilla/5.0 (compatible|3b| MSIE 6.0|3b| Windows XP)|0d 0a|"; http_header; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; reference:url,doc.emergingthreats.net/2009554; classtype:trojan-activity; sid:2009554; rev:5;)

Added 2011-10-12 19:27:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?url="; nocase; http_uri; content:"&affid="; http_uri; fast_pattern; nocase; content:"User-Agent|3a| Mozilla/5.0 (compatible|3b| MSIE 6.0|3b| Windows XP)|0d 0a|"; http_header; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009554; sid:2009554; rev:5;)

Added 2011-09-14 22:40:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"?url="; nocase; http_uri; content:"&affid="; http_uri; fast_pattern; nocase; content:"User-Agent|3a| Mozilla/5.0 (compatible|3b| MSIE 6.0|3b| Windows XP)|0d 0a|"; http_header; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009554; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; sid:2009554; rev:5;)

Added 2011-02-04 17:28:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"?url="; nocase; uricontent:"&affid="; nocase; content:"|0d 0a|User-Agent\: Mozilla/5.0 (compatible\; MSIE 6.0\; Windows XP)|0d 0a|"; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009554; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; sid:2009554; rev:2;)

Added 2009-07-13 21:48:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"?url="; nocase; uricontent:"&affid="; nocase; content:"|0d 0a|User-Agent\: Mozilla/5.0 (compatible\; MSIE 6.0\; Windows XP)|0d 0a|"; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009554; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; sid:2009554; rev:2;)

Added 2009-07-13 21:48:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"?url="; nocase; uricontent:"&affid="; nocase; content:"|0d 0a|User-Agent\: Mozilla/5.0 (compatible\; MSIE 6.0\; Windows XP)|0d 0a|"; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009554; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; sid:2009554; rev:2;)

Added 2009-07-13 21:45:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"?url="; nocase; uricontent:"&affid="; nocase; content:"|0d 0a|User-Agent\: Mozilla/5.0 (compatible\; MSIE 6.0\; Windows XP)|0d 0a|"; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009554; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV; sid:2009554; rev:2;)

Added 2009-07-13 21:45:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FAKE/ROGUE AV/Security Application Checkin"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"?url="; nocase; uricontent:"&affid="; nocase; content:"|0d 0a|User-Agent\: Mozilla/5.0 (compatible\; MSIE 6.0\; Windows XP)|0d 0a|"; nocase; pcre:"/\?url=[0-9]&affid=[0-9]{5}/Ui"; classtype:trojan-activity; sid:2009554; rev:1;)

Added 2009-07-13 18:45:35 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats