alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText? Chrome Popup DriveBy? Download Attempt 1"; flow:established,to_client; file_data; content:"The |22|HoeflerText|22| font wasn't found"; nocase; fast_pattern; content:"you have to update the |22|Chrome Font Pack|22|"; distance:0; nocase; content:"Click on the Chrome_Font.exe"; distance:0; nocase; content:"Latest version"; distance:0; nocase; content:"href=|22|http"; distance:0; nocase; content:"window.chrome"; distance:0; nocase; metadata: former_category CURRENT_EVENTS; reference:url,www.proofpoint.com/us/threat-insight/post/EITest-Nabbing-Chrome-Users-Chrome-Font-Social-Engineering-Scheme; classtype:trojan-activity; sid:2024238; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2017_04_24, performance_impact Moderate, updated_at 2017_09_12;)

Added 2017-09-12 17:54:25 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText? Chrome Popup DriveBy? Download Attempt 1"; flow:established,to_client; file_data; content:"The |22|HoeflerText|22| font wasn't found"; nocase; fast_pattern; content:"you have to update the |22|Chrome Font Pack|22|"; distance:0; nocase; content:"Click on the Chrome_Font.exe"; distance:0; nocase; content:"Latest version"; distance:0; nocase; content:"href=|22|http"; distance:0; nocase; content:"window.chrome"; distance:0; nocase; metadata: former_category CURRENT_EVENTS; reference:url,www.proofpoint.com/us/threat-insight/post/EITest-Nabbing-Chrome-Users-Chrome-Font-Social-Engineering-Scheme; classtype:trojan-activity; sid:2024238; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2017_04_24, performance_impact Moderate, updated_at 2017_09_12;)

Added 2017-09-12 16:23:29 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText? Chrome Popup DriveBy? Download Attempt"; flow:established,to_client; file_data; content:"The |22|HoeflerText|22| font wasn't found"; nocase; fast_pattern; content:"you have to update the |22|Chrome Font Pack|22|"; distance:0; nocase; content:"Click on the Chrome_Font.exe"; distance:0; nocase; content:"Latest version"; distance:0; nocase; content:"href=|22|http"; distance:0; nocase; content:"window.chrome"; distance:0; nocase; metadata: former_category CURRENT_EVENTS; reference:url,www.bleepingcomputer.com/virus-removal/hoeflertext-font-wasnt-found-and-chrome-font-pack-guide; classtype:trojan-activity; sid:2024238; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2017_04_24, performance_impact Moderate, updated_at 2017_04_24;)

Added 2017-08-07 21:19:34 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText? Chrome Popup DriveBy? Download Attempt"; flow:established,to_client; file_data; content:"The |22|HoeflerText|22| font wasn't found"; nocase; fast_pattern; content:"you have to update the |22|Chrome Font Pack|22|"; distance:0; nocase; content:"Click on the Chrome_Font.exe"; distance:0; nocase; content:"Latest version"; distance:0; nocase; content:"href=|22|http"; distance:0; nocase; content:"window.chrome"; distance:0; nocase; reference:url,www.bleepingcomputer.com/virus-removal/hoeflertext-font-wasnt-found-and-chrome-font-pack-guide; classtype:trojan-activity; sid:2024238; rev:2;)

Added 2017-05-05 16:59:07 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText? Chrome Popup DriveBy? Download Attempt"; flow:established,to_client; file_data; content:"The |22|HoeflerText|22| font wasn't found"; nocase; fast_pattern; content:"you have to update the |22|Chrome Font Pack|22|"; distance:0; nocase; content:"Click on the Chrome_Font.exe"; distance:0; nocase; content:"Latest version"; distance:0; nocase; content:"href=|22|http"; distance:0; nocase; content:"window.chrome"; distance:0; nocase; metadata: former_category CURRENT_EVENTS; reference:url,www.bleepingcomputer.com/virus-removal/hoeflertext-font-wasnt-found-and-chrome-font-pack-guide; classtype:trojan-activity; sid:2024238; rev:2;)

Added 2017-05-03 17:36:04 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText? Chrome Popup DriveBy? Download Attempt"; flow:established,to_client; file_data; content:"The |22|HoeflerText|22| font wasn't found"; nocase; fast_pattern; content:"you have to update the |22|Chrome Font Pack|22|"; distance:0; nocase; content:"Click on the Chrome_Font.exe"; distance:0; nocase; content:"Latest version"; distance:0; nocase; content:"href=|22|http"; distance:0; nocase; content:"window.chrome"; distance:0; nocase; reference:url,www.bleepingcomputer.com/virus-removal/hoeflertext-font-wasnt-found-and-chrome-font-pack-guide; classtype:trojan-activity; sid:2024238; rev:2;)

Added 2017-04-24 17:33:40 UTC


Topic revision: r1 - 2017-09-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats