alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Conduit Connect Toolbar (Many report to be benign)"; flow: to_server,established; uricontent:"/iis2ebs.asp"; content:"User-Agent\: EI"; nocase; reference:url,www.conduit.com; classtype: trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Conduit_Connect; sid: 2003216; rev:3;)

Added 2009-02-08 17:30:23 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Conduit Connect Toolbar (Many report to be benign)"; flow: to_server,established; uricontent:"/iis2ebs.asp"; content:"User-Agent\: EI"; nocase; reference:url,www.conduit.com; classtype: trojan-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2003216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Conduit_Connect; sid: 2003216; rev:3;)

Added 2009-02-08 17:30:23 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Conduit Connect Toolbar (Many report to be benign)"; flow: to_server,established; uricontent:"/iis2ebs.asp"; content:"User-Agent\: EI"; nocase; reference:url,www.conduit.com; classtype: trojan-activity; sid: 2003216; rev:2;)

Added 2008-01-28 17:24:17 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Conduit Connect Toolbar (Many report to be benign)"; flow: to_server,established; uricontent:"/iis2ebs.asp"; content:"User-Agent\: EI"; nocase; reference:url,www.conduit.com; classtype: trojan-activity; sid: 2003216; rev:2;)

Added 2008-01-28 17:24:17 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware Conduit Connect Toolbar (Many report to be benign)"; flow: to_server,established; uricontent:"/iis2ebs.asp"; content:"User-Agent\: EI"; nocase; reference:url,www.conduit.com; classtype: trojan-activity; sid: 2003216; rev:1;)