alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src="; flow:established,to_server; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Win32|3b| WinHttpRequest?"; nocase; http_header; content:"/get?src="; nocase; http_uri; fast_pattern; content:"|0d 0a|Request|3a| "; nocase; content:"run|0d 0a|"; within:5; reference:url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html; reference:url,doc.emergingthreats.net/2010838; classtype:trojan-activity; sid:2010838; rev:5;)

Added 2011-12-19 18:45:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src="; flow:established,to_server; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Win32|3b| WinHttpRequest?"; nocase; http_header; content:"/get?src="; nocase; http_uri; content:"|0d 0a|Request|3a| "; nocase; content:"run|0d 0a|"; within:5; reference:url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html; reference:url,doc.emergingthreats.net/2010838; classtype:trojan-activity; sid:2010838; rev:4;)

Added 2011-10-12 19:30:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src="; flow:established,to_server; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Win32|3b| WinHttpRequest?"; nocase; http_header; content:"/get?src="; nocase; http_uri; content:"|0d 0a|Request|3a| "; nocase; content:"run|0d 0a|"; within:5; classtype:trojan-activity; reference:url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html; reference:url,doc.emergingthreats.net/2010838; sid:2010838; rev:4;)

Added 2011-09-14 22:43:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src="; flow:established,to_server; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| Win32|3b| WinHttpRequest?"; nocase; http_header; content:"/get?src="; nocase; http_uri; content:"|0d 0a|Request|3a| "; nocase; content:"run|0d 0a|"; within:5; classtype:trojan-activity; reference:url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html; reference:url,doc.emergingthreats.net/2010838; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown; sid:2010838; rev:4;)

Added 2011-02-04 17:30:30 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src="; flow:established,to_server; content:"|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; Win32\; WinHttpRequest?"; nocase; uricontent:"/get?src="; nocase; content:"|0d 0a|Request\: "; nocase; content:"run|0d 0a|"; within:5; classtype:trojan-activity; reference:url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html; reference:url,doc.emergingthreats.net/2010838; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown; sid:2010838; rev:2;)

Added 2010-02-23 10:55:59 UTC


Topic revision: r1 - 2011-12-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats