# rev 5: "alert http" with "any" ports relies on the engine's HTTP protocol detection rather than
# on $HTTP_PORTS, so the request is matched on whatever port it is sent to.
# Fires on an outbound GET for the fixed path /automation/n09230945.asp (the fast_pattern) that also
# carries one exact User-Agent line; the trailing |0d 0a| pins the end of the header value, so a
# longer version string after "Firefox/3.0.0" does not match.
# NOTE(review): the User-Agent claims Firefox on Ubuntu 8.04 while the CA reference names
# Win32/Fruspam - presumably that mismatch is what keeps false positives low; confirm in the write-up.
# Caveat: both strings are static indicators of one sample family, and requests carried inside TLS
# are only visible to this rule if traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/automation/n09230945.asp"; http_uri; fast_pattern; content:"User-Agent|3a| Mozilla/5.0 (X11|3b| U|3b| Linux i686|3b| en-US|3b| rv|3a|1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a|"; http_header; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/2011072; classtype:trojan-activity; sid:2011072; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:14 UTC


# rev 4 as stored on 2011-10-12: plain "alert tcp" restricted to destination ports in $HTTP_PORTS,
# so the same request sent to a port outside that variable is not matched by this revision.
# http_method / http_uri / http_header bind each content match to the corresponding request field.
# Compared with the 2011-09-14 row, only the option order changed (classtype now follows the
# references); the match conditions and the rev number are the same.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/automation/n09230945.asp"; http_uri; fast_pattern; content:"User-Agent|3a| Mozilla/5.0 (X11|3b| U|3b| Linux i686|3b| en-US|3b| rv|3a|1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a|"; http_header; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/2011072; classtype:trojan-activity; sid:2011072; rev:4;)

Added 2011-10-12 19:31:15 UTC


# rev 4 as stored on 2011-09-14: same match conditions as the 2011-02-04 row; the only change is
# that the cvsweb reference URL was dropped. The rev number was not incremented for this edit, so
# two stored copies with rev:4 can differ in their reference list.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/automation/n09230945.asp"; http_uri; fast_pattern; content:"User-Agent|3a| Mozilla/5.0 (X11|3b| U|3b| Linux i686|3b| en-US|3b| rv|3a|1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a|"; http_header; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/2011072; sid:2011072; rev:4;)

Added 2011-09-14 22:44:23 UTC


# First stored rev 4 (2011-02-04): the raw-payload matches of rev 1 are replaced by HTTP buffer
# modifiers - "GET" against http_method, the path against http_uri (also chosen as fast_pattern),
# and the User-Agent line against http_header.
# The User-Agent content no longer carries a leading CRLF or a trailing double CRLF, so it no
# longer requires User-Agent to be the last header of the request as rev 1 did.
# ":" and ";" are written as |3a| and |3b| here instead of the backslash escapes used in rev 1.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/automation/n09230945.asp"; http_uri; fast_pattern; content:"User-Agent|3a| Mozilla/5.0 (X11|3b| U|3b| Linux i686|3b| en-US|3b| rv|3a|1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a|"; http_header; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/2011072; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fruspam; sid:2011072; rev:4;)

Added 2011-02-04 17:30:48 UTC


# rev 1 (row stored 2010-04-27 19:00): matches on the payload rather than on parsed HTTP buffers.
#   - "GET " must appear within the first 4 bytes (depth:4).
#   - uricontent looks for the fixed path /automation/n09230945.asp.
#   - the User-Agent content is wrapped in |0d 0a| ... |0d 0a 0d 0a|, so it matches only when
#     User-Agent is the final header before the blank line that ends the request.
# That last condition makes this revision stricter than the later http_header form: a request
# with the same User-Agent followed by any other header would not alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/automation/n09230945.asp"; content:"|0d 0a|User-Agent\: Mozilla/5.0 (X11\; U\; Linux i686\; en-US\; rv\:1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a 0d 0a|"; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/2011072; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fruspam; sid:2011072; rev:1;)

Added 2010-04-27 19:00:57 UTC


# Earliest stored row (2010-04-27 18:57), rev 1. The rule text is the same as the row recorded
# about three minutes later, so the two rows do not represent different detection logic.
# Scope: outbound only ($HOME_NET -> $EXTERNAL_NET, to_server on an established flow) and limited
# to $HTTP_PORTS; an alert therefore points at the internal client as the host to triage.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fruspam polling for IP likely infected"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"/automation/n09230945.asp"; content:"|0d 0a|User-Agent\: Mozilla/5.0 (X11\; U\; Linux i686\; en-US\; rv\:1.9.0.4) Ubuntu/8.04 (hardy) Firefox/3.0.0|0d 0a 0d 0a|"; classtype:trojan-activity; reference:url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx; reference:url,doc.emergingthreats.net/2011072; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fruspam; sid:2011072; rev:1;)

Added 2010-04-27 18:57:35 UTC

