alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Fake Java Installer Landing Page Oct 21"; flow:established,to_server; content:"GET"; http_method; content:"/download.php?id="; http_uri; content:"&sid="; http_uri; distance:0; content:"&name=Java|20|Runtime|20|Environment|20|"; http_uri; distance:0; fast_pattern; pcre:"/^\/[0-9]+\/download\.php\?id=/U"; pcre:"/&name=[a-z0-9\x20]+$/Ui"; metadata: former_category CURRENT_EVENTS; reference:url,heimdalsecurity.com/blog/security-alert-blackhat-seo-campaign-passes-around-malware-to-unsuspecting-users; classtype:trojan-activity; sid:2021991; rev:2; metadata:created_at 2015_10_21, updated_at 2015_10_21;)

Added 2019-09-10 20:12:53 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Fake Java Installer Landing Page Oct 21"; flow:established,to_server; content:"GET"; http_method; content:"/download.php?id="; http_uri; content:"&sid="; http_uri; distance:0; content:"&name=Java|20|Runtime|20|Environment|20|"; http_uri; distance:0; fast_pattern; pcre:"/^\/[0-9]+\/download\.php\?id=/U"; pcre:"/&name=[a-z0-9\x20]+$/Ui"; reference:url,heimdalsecurity.com/blog/security-alert-blackhat-seo-campaign-passes-around-malware-to-unsuspecting-users; classtype:trojan-activity; sid:2021991; rev:2; metadata:created_at 2015_10_21, updated_at 2015_10_21;)

Added 2018-09-13 19:51:51 UTC


Added 2018-09-13 18:00:28 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Fake Java Installer Landing Page Oct 21"; flow:established,to_server; content:"GET"; http_method; content:"/download.php?id="; http_uri; content:"&sid="; http_uri; distance:0; content:"&name=Java|20|Runtime|20|Environment|20|"; http_uri; distance:0; fast_pattern; pcre:"/^\/[0-9]+\/download\.php\?id=/U"; pcre:"/&name=[a-z0-9\x20]+$/Ui"; reference:url,heimdalsecurity.com/blog/security-alert-blackhat-seo-campaign-passes-around-malware-to-unsuspecting-users; classtype:trojan-activity; sid:2021991; rev:2; metadata:created_at 2015_10_21, updated_at 2015_10_21;)

Added 2017-08-07 21:16:47 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Fake Java Installer Landing Page Oct 21"; flow:established,to_server; content:"GET"; http_method; content:"/download.php?id="; http_uri; content:"&sid="; http_uri; distance:0; content:"&name=Java|20|Runtime|20|Environment|20|"; http_uri; distance:0; fast_pattern; pcre:"/^\/[0-9]+\/download\.php\?id=/U"; pcre:"/&name=[a-z0-9\x20]+$/Ui"; reference:url,heimdalsecurity.com/blog/security-alert-blackhat-seo-campaign-passes-around-malware-to-unsuspecting-users; classtype:trojan-activity; sid:2021991; rev:2;)

Added 2015-10-21 17:04:59 UTC


Topic revision: r1 - 2019-09-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats