alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;) Added 2008-04-02 08:53:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;) Added 2008-04-02 08:53:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;) Added 2008-04-02 08:49:45 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;) Added 2008-04-02 08:49:45 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:10;) Added 2008-03-24 23:55:07 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:10;) Added 2008-03-24 23:55:07 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:9;) Added 2008-02-01 14:32:22 UTC This one also detects dell support as MyWebSearch?:
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r2 - 2008-03-24 - JackPepper
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats