EmergingThreats> Main Web>2012883 (2011-11-23, MrKrugger?) EditAttach

#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED MALVERTISING Malicious Advertizing URL in.cgi"; flow:to_server,established; content:"/in.cgi?"; http_uri; classtype:bad-unknown; sid:2012883; rev:5;)

Added 2012-06-22 19:10:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS MALVERTISING Malicious Advertizing URL in.cgi"; flow:to_server,established; content:"/in.cgi?"; depth:26; http_uri; classtype:bad-unknown; sid:2012883; rev:3;)

Added 2011-10-12 19:35:27 UTC

Used in drive-by malware installs via javascript. It is usually followed by a 302 redirect to a scanner and then a 302 to a malware install site.

-- MrKrugger? - 23 Nov 2011


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS MALVERTISING Malicious Advertizing URL in.cgi"; flow:to_server,established; content:"/in.cgi?"; depth:26; http_uri; classtype:bad-unknown; sid:2012883; rev:3;)

Added 2011-06-27 20:14:35 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS MALVERTISING Malicious Advertizing URL in.cgi"; flow:to_server,established; content:"/in.cgi"; depth:25; http_uri; classtype:bad-unknown; sid:2012883; rev:2;)

Added 2011-06-22 20:04:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS MALVERTISING Malicious Advertizing URL in.cgi"; flow:to_server,established; content:"/in.cgi"; depth:25; http_uri; classtype:bad-unknown; sid:2012883; rev:2;)

Added 2011-05-28 10:19:48 UTC


Topic revision: r2 - 2011-11-23 - MrKrugger?
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats