# rev 8 (ET DELETED): retired. The leading "##" leaves the line commented out, so it is kept for history only.
# Logic: outbound GET whose URI ends in /Setup_<3 digits>[<letter><digit>].exe (pcre is case-insensitive via /i)
# and whose request contains no "Referer: " header line.
# The "?" in msg marks this as a heuristic: it keys on a filename shape plus a missing Referer, not on the
# downloaded payload, so a hit needs triage against the file that was actually fetched.
##alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer|3a| "; nocase; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; classtype:trojan-activity; sid:2010867; rev:8;)

Added 2014-09-12 16:28:26 UTC


# rev 7: published commented out (leading "#"), still under ET CURRENT_EVENTS.
# The header protocol is "http" instead of "tcp", and the options return to the raw-payload form
# (content:"GET "; depth:4 plus uricontent) instead of rev 6's http_method/http_uri/http_header modifiers.
# The negated Referer content carries no buffer modifier here, so as written it is checked against the payload.
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer|3a| "; nocase; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; classtype:trojan-activity; sid:2010867; rev:7;)

Added 2014-08-26 19:07:50 UTC


# rev 6: every content match is pinned to an HTTP buffer (http_method, http_uri, http_header)
# instead of the raw payload / uricontent form used in rev 4.
# NOTE(review): the negated Referer pattern keeps its leading |0d 0a| while being matched in http_header.
# If the header buffer does not begin with CRLF, a Referer sent as the first header would not be seen by this
# negation and the rule could still fire. Confirm against the engine's header-buffer layout.
# NOTE(review): the pcre is anchored with "$" on the URI buffer (U), so presumably a request with anything after
# ".exe" is outside this rule's coverage. Confirm if that traffic matters for triage.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/Setup_"; nocase; http_uri; content:".exe"; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; http_header; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; classtype:trojan-activity; sid:2010867; rev:6;)

Added 2011-10-12 19:30:46 UTC


# rev 6 (earlier publication): same detection options as the later rev 6 copy. Only the position of classtype
# relative to the reference entries differs, which does not change what the rule matches.
# Matches are buffer-scoped: GET in http_method, "/Setup_" and ".exe" in http_uri, no Referer in http_header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/Setup_"; nocase; http_uri; content:".exe"; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; http_header; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; sid:2010867; rev:6;)

Added 2011-09-14 22:43:56 UTC


# rev 6 (first publication): first revision on this page to use the http_method/http_uri/http_header modifiers.
# It writes the Referer colon as |3a| instead of the "\:" escape used in rev 4.
# It still carries the cvsweb reference, which is absent from the later rev 6 copies. Detection options are otherwise the same.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/Setup_"; nocase; http_uri; content:".exe"; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; http_header; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; sid:2010867; rev:6;)

Added 2011-02-04 17:30:32 UTC


# rev 4: the pcre quantifier is "{3}", i.e. exactly three digits after "Setup_", optionally followed by one
# letter and one digit. With /i this covers both names in msg (Setup_103s1, Setup_207).
# "GET " is checked in the first 4 payload bytes (depth:4), the URI strings via uricontent, and the Referer
# negation has no buffer modifier, so it applies to the payload as written.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; sid:2010867; rev:4;)

Added 2010-03-15 23:30:45 UTC


# rev 4 (duplicate entry, same timestamp and text as the other rev 4 record on this page).
# Requires exactly three digits after "Setup_" ("{3}"), then an optional letter+digit, then ".exe" at end of URI.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/Setup_[0-9]{3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; sid:2010867; rev:4;)

Added 2010-03-15 23:30:45 UTC


# rev 3: the pcre uses "[0-9]{,3}". In classic PCRE syntax "{,3}" is not a quantifier (a lower bound is
# required) and is taken as the literal characters "{,3}". This revision therefore likely does not match the
# Setup_103s1 / Setup_207 names in msg. Rev 4 on this page changes it to "{3}".
# Do not reuse this revision's pcre as-is. Write "{0,3}" or "{3}" explicitly depending on intent.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/Setup_[0-9]{,3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; sid:2010867; rev:3;)

Added 2010-03-04 21:00:45 UTC


# rev 3 (duplicate entry, same timestamp and text as the other rev 3 record on this page).
# NOTE(review): "[0-9]{,3}" has no lower bound. Classic PCRE treats "{,3}" as literal text rather than a
# quantifier, so the pattern likely fails on ordinary Setup_<digits>.exe names.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/Setup_[0-9]{,3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010867; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; sid:2010867; rev:3;)

Added 2010-03-04 21:00:45 UTC


# rev 2: earliest revision with a distinct rule text on this page. Its only reference is the prevx.com URL.
# NOTE(review): the pcre contains "[0-9]{,3}". Classic PCRE does not accept "{,n}" as a quantifier and reads it
# literally, so this revision likely never matched the filenames named in msg. Treat it as historical only.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/Setup_[0-9]{,3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; sid:2010867; rev:2;)

Added 2010-03-04 14:00:50 UTC


# rev 2 (earliest record on this page): outbound GET, URI containing "/Setup_" and ".exe", no Referer line.
# NOTE(review): "[0-9]{,3}" in the pcre is read by classic PCRE as a digit followed by the literal text "{,3}",
# not as "up to three digits". Use an explicit lower bound when adapting this pattern.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download Setup_103s1 or Setup_207 variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/Setup_[0-9]{,3}([A-Z][0-9])?\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; sid:2010867; rev:2;)

Added 2010-03-04 13:59:09 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 