Versions (5)
Version DetailsCurrent
Rev: 17 • Jul 30, 2010, 12:00 PMET ADWARE_PUP klm123.com Spyware User Agent
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP klm123.com Spyware User Agent"; flow:established,to_server; http.user_agent; content:"{"; depth:1; fast_pattern; pcre:"/\{[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\}/i"; http.host; content:!"directory.gladinet.com"; content:!"ff.avast.com"; content:!"ispringsolutions.com"; content:!"cdn.download.comodo.com"; content:!"liveupdate.symantec.com"; content:!"liveupdate.norton.com"; classtype:pup-activity; sid:2007616; rev:17; metadata:created_at 2010_07_30, confidence High, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_03_23;)
Jul 30, 2010, 12:00 PM
Mar 23, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Jan 15, 2026, 10:34 PM
rules/emerging-adware_pup.rules