# ET TROJAN KillAV? Downloader - GET (sid 2009802, rev 2)
# Scope: client-to-server traffic on established TCP sessions from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS. Requests on other ports are outside this rule.
# Match logic:
#   - content:"GET "; depth:4     -> payload must start with the GET method.
#   - three uricontent matches (".php?id=", "&key=", "&p="), all nocase.
#     None carries distance/within, so they are matched independently and
#     do not have to appear in that order in the URI.
#   - content:"&p="; nocase       -> same token again, this time against the
#     packet payload with no depth/offset bound.
# NOTE(review): the "?" in msg suggests the family attribution is tentative - confirm
# against the references before labelling a host as KillAV-infected.
# NOTE(review): nothing here constrains host, User-Agent or parameter values, so any
# PHP GET carrying id/key/p parameters will alert. Triage on destination host
# and request context rather than on the alert alone.
# NOTE(review): uricontent is the legacy Snort 2.x keyword - confirm your engine
# version still accepts it before deploying.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KillAV? Downloader - GET"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php?id="; nocase; uricontent:"&key="; nocase; uricontent:"&p="; nocase; content:"&p="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FKillav.DK&ThreatID=142699; reference:url,www.im-infected.com/trojan/trojanwin32killav-dk.html; reference:url,www.bitdefender.com/VIRUS-1000499-en--Trojan.KillAV.PT.html; reference:url,doc.emergingthreats.net/2009802; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_KillAV; sid:2009802; rev:2;)

Added 2009-08-31 16:38:43 UTC


# sid 2009802, rev 2 - this history entry repeats the rev 2 rule text verbatim.
# Fires on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET, $HTTP_PORTS,
# established, to_server) whose URI contains ".php?id=", "&key=" and "&p="
# (case-insensitive, no ordering enforced between them). The trailing
# content:"&p=" re-checks the same token in the packet payload.
# NOTE(review): the parameter names are generic and no host or value pattern is
# pinned, so treat an alert as a lead to investigate, not as confirmation.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KillAV? Downloader - GET"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php?id="; nocase; uricontent:"&key="; nocase; uricontent:"&p="; nocase; content:"&p="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FKillav.DK&ThreatID=142699; reference:url,www.im-infected.com/trojan/trojanwin32killav-dk.html; reference:url,www.bitdefender.com/VIRUS-1000499-en--Trojan.KillAV.PT.html; reference:url,doc.emergingthreats.net/2009802; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_KillAV; sid:2009802; rev:2;)

Added 2009-08-31 16:38:43 UTC


# sid 2009802, rev 1 - original version of the rule.
# Header, flow and all content/uricontent options are the same as in rev 2.
# The only differences are the rev number and the absence of the
# doc.emergingthreats.net and cvsweb reference URLs, so detection behaviour
# is unchanged between the two revisions.
# Matches an outbound HTTP GET whose URI contains ".php?id=", "&key=" and
# "&p=" (nocase, in any order), plus "&p=" anywhere in the packet payload.
# NOTE(review): no host or parameter-value constraint is present - expect matches on
# unrelated PHP applications that use the same parameter names.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KillAV? Downloader - GET"; flow:established,to_server; content:"GET "; depth:4; uricontent:".php?id="; nocase; uricontent:"&key="; nocase; uricontent:"&p="; nocase; content:"&p="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FKillav.DK&ThreatID=142699; reference:url,www.im-infected.com/trojan/trojanwin32killav-dk.html; reference:url,www.bitdefender.com/VIRUS-1000499-en--Trojan.KillAV.PT.html; sid:2009802; rev:1;)

Added 2009-08-28 00:00:39 UTC


Topic revision: r1 - 2009-08-31 - TWikiGuest
 