Rule History

SID: 2006434 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 9 • Jul 30, 2010, 12:00 PM

Message:

ET POLICY Possible Ecard Trojan download

Rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Possible Ecard Trojan download"; flow:established,to_server; content:".exe"; nocase; http_uri; pcre:"/(gif|car(d|tao)|jpe?g)\.exe$/Ui"; classtype:suspicious-filename-detect; sid:2006434; rev:9; metadata:created_at 2010_07_30, deployment Perimeter, deprecation_reason Age, confidence Low, signature_severity Informational, updated_at 2023_05_04;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

May 4, 2023, 12:00 PM

DB Created:

Jul 30, 2010, 12:00 PM

DB Updated:

May 31, 2024, 9:00 PM

Filename:

rules/emerging-policy.rules