alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Possible FakeAV? Binary Download (Security)"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"security"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*security[^\n]+\.exe/Hi"; classtype:trojan-activity; sid:2012981; rev:1;)

Added 2011-10-12 19:35:41 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Possible FakeAV? Binary Download (Security)"; flow:established,to_client; content:"filename=|22|"; http_header; nocase; content:"security"; fast_pattern; nocase; http_header; within:50; pcre:"/filename\x3D\x22[^\r\n]*security[^\n]+\.exe/Hi"; classtype:trojan-activity; sid:2012981; rev:1;)

Added 2011-06-09 18:26:52 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats