#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Possible FromCharCode? Javascript Obfuscation Attempt"; flow:established,to_client; content:"String.FromCharCode("; fast_pattern:only; nocase; pcre:"/String\x2EFromCharCode\x28[0-9]{1,3}/i"; reference:url,www.w3schools.com/jsref/jsref_fromCharCode.asp; reference:url,www.roseindia.net/javascript/method-fromcharcode.shtml; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,isc.sans.org/diary.html?storyid=7903; classtype:bad-unknown; sid:2011347; rev:2;)

Added 2011-10-12 19:31:49 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Possible FromCharCode? Javascript Obfuscation Attempt"; flow:established,to_client; content:"String.FromCharCode("; fast_pattern:only; nocase; pcre:"/String\x2EFromCharCode\x28[0-9]{1,3}/i"; classtype:bad-unknown; reference:url,www.w3schools.com/jsref/jsref_fromCharCode.asp; reference:url,www.roseindia.net/javascript/method-fromcharcode.shtml; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,isc.sans.org/diary.html?storyid=7903; sid:2011347; rev:2;)

Added 2011-02-04 17:31:09 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Possible FromCharCode? Javascript Obfuscation Attempt"; flow:established,to_client; content:"String.FromCharCode("; nocase; pcre:"/String\x2EFromCharCode\x28[0-9]{1,3}/i"; classtype:bad-unknown; reference:url,www.w3schools.com/jsref/jsref_fromCharCode.asp; reference:url,www.roseindia.net/javascript/method-fromcharcode.shtml; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,doc.emergingthreats.net/2011347; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Obfuscation; sid:2011347; rev:2;)

Added 2010-09-14 12:37:09 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Possible FromCharCode? Javascript Obfuscation Attempt"; flow:established,to_client; content:"String.FromCharCode("; nocase; pcre:"/String\x2EFromCharCode\x28[0-9]{1,3}/i"; classtype:bad-unknown; reference:url,www.w3schools.com/jsref/jsref_fromCharCode.asp; reference:url,www.roseindia.net/javascript/method-fromcharcode.shtml; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,doc.emergingthreats.net/2011347; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Obfuscation; sid:2011347; rev:2;)

Added 2010-09-14 12:37:09 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Possible FromCharCode? Javascript Obfuscation Attempt"; flow:established,to_client; content:"String.FromCharCode("; nocase; pcre:"/String\x2EFromCharCode\x28[0-9]{1,3}/i"; classtype:bad-unknown; reference:url,www.w3schools.com/jsref/jsref_fromCharCode.asp; reference:url,www.roseindia.net/javascript/method-fromcharcode.shtml; reference:url,isc.sans.org/diary.html?storyid=7906; reference:url,isc.sans.org/diary.html?storyid=7903; reference:url,doc.emergingthreats.net/2011347; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Obfuscation; sid:2011347; rev:2;)

Added 2010-08-14 10:19:26 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats