# rev:11. Outbound HTTP from $HOME_NET, client-to-server on an established flow.
# Fires when "Host:" (case-sensitive) occurs in the first 250 payload bytes and
# "myway.com" (nocase) follows within the next 20 bytes. This is a substring match,
# so any Host value carrying that string in the window alerts, not only the exact domain.
# The negated content suppresses the alert only when CRLF + "Referer: http://dell"
# lies within the first 100 payload bytes; a Referer header located later in the
# request does not suppress it.
# NOTE(review): confirm against a capture that the Dell exclusion actually takes effect.
# threshold: at most 2 alerts per source address per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)
Added 2008-04-02 08:53:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)
Added 2008-04-02 08:53:20 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)
Added 2008-04-02 08:49:45 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:11;)
Added 2008-04-02 08:49:45 UTC
# rev:10. Adds the negated Referer match (depth:100) that rev:9, further down this page, lacks.
# Presumably added to silence the Dell support false positive noted at the bottom of the page (TODO confirm).
# The msg text has "Malware" twice ("ET MALWARE Malware"); the rest of the rule matches rev:11 above.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:10;)
Added 2008-03-24 23:55:07 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:!"|0d 0a|Referer\: http\://dell"; depth:100; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:10;)
Added 2008-03-24 23:55:07 UTC
# rev:9. No Referer exclusion: any outbound request with "Host:" in the first 250 payload
# bytes and "myway.com" (nocase) within the next 20 bytes alerts, limited to 2 alerts
# per source address per 360 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Malware
MyWebSearch? Toolbar Traffic (host)"; flow: to_server,established; content:"Host\:"; depth:250; content:"myway.com"; nocase; within:20; distance:0; classtype:trojan-activity; threshold:type limit, track by_src, count 2, seconds 360; sid: 2001663; rev:9;)
Added 2008-02-01 14:32:22 UTC
This rule also flags Dell support traffic as MyWebSearch (a false positive):