# sid:2011008 rev:5 -- commented out here, so it does not load unless the leading '#' is removed.
# Heuristic: after "PDF-" in the first 300 bytes of file_data, require "/Filter" and then six
# "Decode" strings, each within 30 bytes of the previous match (consistent with a /Filter
# array that chains six decoders).
# flow:to_client agrees with the header (external HTTP ports -> $HOME_NET), i.e. a response
# carrying a PDF to an internal client.
# Nothing in the rule matches JavaScript itself, despite the msg text; treat an alert as a
# lead for inspecting the file, not as confirmation that it is hostile.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_client; file_data; content:"PDF-"; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; classtype:misc-activity; sid:2011008; rev:5;)

Added 2012-03-31 09:36:53 UTC


# sid:2011008 rev:4 (historical, commented out). Same match chain as the other revisions:
# "PDF-" within the first 300 bytes of file_data, then "/Filter", then six "Decode" strings
# each within 30 bytes of the previous match.
# NOTE(review): flow:to_server looks inconsistent with the header, which selects traffic from
# external HTTP ports toward $HOME_NET (server responses). The rev:5 entry on this page uses
# to_client; as written, this revision would likely not fire on a PDF downloaded by an
# internal client.
# Compared with the other rev:4 entries on this page, only the position of classtype differs.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; file_data; content:"PDF-"; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; classtype:misc-activity; sid:2011008; rev:4;)

Added 2011-10-12 19:31:07 UTC


# sid:2011008 rev:4 (historical, commented out). Detection options match the other rev:4
# entries on this page; this copy carries two reference URLs and no cvsweb reference.
# NOTE(review): flow:to_server looks inconsistent with the header (external HTTP ports ->
# $HOME_NET is the response direction); the rev:5 entry on this page uses to_client.
# The rev number was not bumped although the rule text changed between the rev:4 entries,
# so rev alone does not identify which variant a sensor is running.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; file_data; content:"PDF-"; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; sid:2011008; rev:4;)

Added 2011-09-14 22:44:15 UTC


# sid:2011008 rev:4 (historical, commented out). In this revision the "PDF-" match has no
# nocase modifier, so it is case-sensitive; the rev:3 entry on this page still had nocase.
# The "/Filter" and six chained "Decode" matches remain case-insensitive.
# NOTE(review): flow:to_server looks inconsistent with the header (external HTTP ports ->
# $HOME_NET is the response direction); the rev:5 entry on this page uses to_client.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; file_data; content:"PDF-"; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Java; sid:2011008; rev:4;)

Added 2011-04-12 14:06:59 UTC


# sid:2011008 rev:3 (historical). Two changes versus the rev:2 entries on this page: the rule
# is commented out, and file_data now precedes the content chain, so "PDF-" with depth:300 is
# evaluated against the engine's file/response-body buffer rather than the raw payload.
# NOTE(review): flow:to_server looks inconsistent with both the header (external HTTP ports
# -> $HOME_NET is the response direction) and a response-body buffer; the rev:5 entry on
# this page uses to_client.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; file_data; content:"PDF-"; nocase; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Java; sid:2011008; rev:3;)

Added 2011-02-04 17:30:43 UTC


# sid:2011008 rev:2 (historical, not commented out). No file_data: the content chain runs
# against the raw payload, so depth:300 for "PDF-" counts from the start of that payload.
# Presumably HTTP response headers can push the PDF magic past that window -- confirm before
# relying on this revision.
# NOTE(review): flow:to_server looks inconsistent with the header (external HTTP ports ->
# $HOME_NET is the response direction); the rev:5 entry on this page uses to_client.
# This rule text appears twice on this page; load only one copy, since engines reject or
# warn on duplicate sids.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; content:"PDF-"; nocase; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Java; sid:2011008; rev:2;)

Added 2010-04-07 18:45:56 UTC


# sid:2011008 rev:2 (historical, not commented out). Adds the doc.emergingthreats.net and
# cvsweb reference URLs to the rev:1 text; the detection options are unchanged from rev:1.
# Match chain: "PDF-" (nocase) in the first 300 payload bytes, then "/Filter", then six
# "Decode" strings each within 30 bytes of the previous match.
# NOTE(review): flow:to_server looks inconsistent with the header (external HTTP ports ->
# $HOME_NET is the response direction); the rev:5 entry on this page uses to_client.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; content:"PDF-"; nocase; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; reference:url,doc.emergingthreats.net/2011008; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Java; sid:2011008; rev:2;)

Added 2010-04-07 18:45:56 UTC


# sid:2011008 rev:1 (historical, not commented out). Original form of the rule: raw-payload
# content matching with a single reference URL.
# The msg mentions JavaScript, but no option matches JavaScript; the rule only counts six
# closely spaced "Decode" strings after "/Filter" in data that has "PDF-" near its start.
# NOTE(review): flow:to_server looks inconsistent with the header (external HTTP ports ->
# $HOME_NET is the response direction); the rev:5 entry on this page uses to_client.
# This rule text appears twice on this page; load only one copy, since engines reject or
# warn on duplicate sids.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; content:"PDF-"; nocase; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; sid:2011008; rev:1;)

Added 2010-04-07 16:16:01 UTC


# sid:2011008 rev:1 (historical, not commented out); earliest entry on this page.
# Logic: on an established TCP session from external HTTP ports to $HOME_NET, find "PDF-"
# (nocase) in the first 300 payload bytes, then "/Filter", then six "Decode" strings each
# within 30 bytes of the previous match. classtype is misc-activity.
# NOTE(review): flow:to_server looks inconsistent with the header (external HTTP ports ->
# $HOME_NET is the response direction); the rev:5 entry on this page uses to_client.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF"; flow:established,to_server; content:"PDF-"; nocase; depth:300; content:"/Filter"; nocase; distance:0; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; content:"Decode"; nocase; within:30; classtype:misc-activity; reference:url,www.symantec.com/connect/blogs/journey-center-pdf-stream; sid:2011008; rev:1;)

Added 2010-04-07 16:15:40 UTC

