alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE W32/GameVance Adware Checkin"; flow:established,to_server; content:"/inst.asp?d="; http_uri; content:"&cl="; http_uri; content:"&l="; http_uri; content:"&e="; http_uri; content:"&v="; http_uri; content:"&uid="; http_uri; content:"&time="; http_uri; content:"&win="; http_uri; content:"&ac="; http_uri; content:"&ti="; http_uri; content:"&xv="; http_uri; reference:md5,2609c78efbc325d1834e49553a9a9f89; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3aWin32/GameVance; classtype:trojan-activity; sid:2014339; rev:1;)

Added 2012-03-08 18:30:47 UTC


Topic revision: r1 - 2012-03-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats