#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED EXE Download When Server Claims To Send Audio File - DOS Mode"; flow:established,to_client; content:"Content-Type|3A 20|audio|2F|"; http_header; nocase; file_data; content:"MZ"; within:2; content:"This program cannot be run in DOS mode"; distance:0; content:"PE"; distance:0; classtype:trojan-activity; sid:2013442; rev:2;)

Added 2012-03-07 18:45:04 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE EXE Download When Server Claims To Send Audio File - DOS Mode"; flow:established,to_client; content:"Content-Type|3A 20|audio|2F|"; http_header; nocase; file_data; content:"MZ"; within:2; content:"This program cannot be run in DOS mode"; distance:0; content:"PE"; distance:0; classtype:trojan-activity; sid:2013442; rev:2;)

Added 2011-12-06 21:59:19 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE EXE Download When Server Claims To Send Audio File - DOS Mode"; flow:established,to_client; content:"Content-Type|3A 20|audio|2F|"; http_header; nocase; file_data; content:"MZ"; distance:0; content:"This program cannot be run in DOS mode"; distance:0; content:"PE"; distance:0; classtype:trojan-activity; sid:2013442; rev:1;)

Added 2011-10-12 19:36:52 UTC


Topic revision: r1 - 2012-03-07 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats