Rule History

SID: 2008945 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 6 • Jul 30, 2010, 12:00 PM

Message:

ET MALWARE dlink router access attempt

Rule:

alert http $HOME_NET any -> $HOME_NET any (msg:"ET MALWARE dlink router access attempt"; flow:established,to_server; content:"GET /dlink/hwiz.html HTTP/1.0|0d 0a 0d 0a|"; content:!"|0d 0a|Host|3a| "; classtype:trojan-activity; sid:2008945; rev:6; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2019_07_26;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Jul 30, 2010, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-malware.rules