Rule History

SID: 2003337 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 23 • Jul 30, 2010, 12:00 PM

Message:

ET USER_AGENTS Suspicious User Agent (Autoupdate)

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Suspicious User Agent (Autoupdate)"; flow:established,to_server; http.header; content:!" Creative AutoUpdate v"; http.user_agent; content:"Autoupdate"; nocase; depth:10; content:!"McAfeeAutoUpdate"; nocase; http.host; content:!"update.nai.com"; content:!"nokia.com"; content:!"sophosupd.com"; content:!"sophosupd.net"; content:!"wholetomato.com"; content:!".acclivitysoftware.com"; classtype:pup-activity; sid:2003337; rev:23; metadata:created_at 2010_07_30, deployment Perimeter, deployment alert_only, performance_impact Low, confidence Low, signature_severity Minor, updated_at 2023_05_31;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

May 31, 2023, 12:00 PM

DB Created:

Jul 30, 2010, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-user_agents.rules