alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Smart Fortress FakeAV/Kryptik.ABNC Checkin"; flow:established,to_server; content:"/?&affid="; http_uri; fast_pattern; content:"Accept|3a| *//*|0d 0a|"; http_header; reference:md5,fa20c17e5f58e7419b4f0eed318fa95a; reference:url,support.kaspersky.com/viruses/rogue/description?qid=208286259; classtype:trojan-activity; sid:2014293; rev:3;)

Added 2014-08-13 16:55:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smart Fortress FakeAV/Kryptik.ABNC Checkin"; flow:established,to_server; content:"/?&affid="; http_uri; fast_pattern; content:"Accept|3a| *//*|0d 0a|"; http_header; reference:md5,1ddfc3f3a804f0844c5fdf49dc10562a6; reference:url,support.kaspersky.com/viruses/rogue/description?qid=208286259; classtype:trojan-activity; sid:2014293; rev:2;)

Added 2012-03-12 19:45:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Smart Fortress FakeAV/Kryptik.ABNC Checkin"; flow:established,to_server; content:"/?&affid="; http_uri; fast_pattern; content:"Accept|3a| *//*|0d 0a|"; http_header; reference:md5,1ddfc3f3a804f0844c5fdf49dc10562a6; reference:url,support.kaspersky.com/viruses/rogue/description?qid=208286259; classtype:trojan-activity; sid:2014293; rev:2;)

Added 2012-03-12 19:45:15 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Kryptik.ABNC Checkin"; flow:established,to_server; content:"/?&affid="; http_uri; fast_pattern; content:"Accept|3a| *//*|0d 0a|"; http_header; reference:md5,1ddfc3f3a804f0844c5fdf49dc10562a6; classtype:trojan-activity; sid:2014293; rev:2;)

Added 2012-02-29 11:32:06 UTC


Topic revision: r1 - 2014-08-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats