alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Smilebox Spyware Download"; flow:established,to_server; content:"GET"; http_method; content:"/smilebox/SmileboxInstaller.exe"; nocase; http_uri; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; classtype:policy-violation; sid:2009998; rev:9;)

Added 2011-10-12 19:28:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Smilebox Spyware Download"; flow:established,to_server; content:"GET"; http_method; content:"/smilebox/SmileboxInstaller.exe"; nocase; http_uri; classtype:policy-violation; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; sid:2009998; rev:9;)

Added 2011-09-14 22:42:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Smilebox Spyware Download"; flow:established,to_server; content:"GET"; http_method; content:"/smilebox/SmileboxInstaller.exe"; nocase; http_uri; classtype:policy-violation; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Smilebox; sid:2009998; rev:9;)

Added 2011-02-04 17:29:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Smilebox; classtype:policy-violation; sid:2009998; rev:7;)

Added 2009-10-29 14:06:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Smilebox; classtype:policy-violation; sid:2009998; rev:7;)

Added 2009-10-29 14:06:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Smilebox; classtype:trojan-activity; sid:2009998; rev:6;)

Added 2009-10-26 16:29:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Smilebox; classtype:trojan-activity; sid:2009998; rev:5;)

Added 2009-10-14 23:40:18 UTC

Moving to POLICY. This is a legit company with a real privacy policy and no evidence of mal intent. May not be wanted in a corporate environment though. But definitely a legitimate company.

-- MattJonkman - 26 Oct 2009


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Smilebox; classtype:trojan-activity; sid:2009998; rev:5;)

Added 2009-10-14 23:40:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Smilebox; sid:2009998; rev:4;)

Added 2009-09-29 18:15:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; reference:url,doc.emergingthreats.net/2009998; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Smilebox; sid:2009998; rev:4;)

Added 2009-09-29 18:15:37 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; sid:2009998; rev:2;)

Added 2009-09-29 16:45:37 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Spyware Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; sid:2009998; rev:2;)

Added 2009-09-29 16:45:37 UTC


alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smilebox Download"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download/smilebox/SmileboxInstaller.exe"; nocase; reference:url,www.smilebox.com/info/privacy.html; sid:2009998; rev:1;)

Added 2009-09-29 15:15:37 UTC


Topic revision: r3 - 2009-10-27 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats