Versions (4)
Version Details (Current)
Rev: 9 • Jul 30, 2010, 12:00 PM
ET MALWARE TSPY_BANKER.IDV/Infostealer.Bancos Module Download
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; http.method; content:"GET"; nocase; http.user_agent; bsize:95; content:"Mozilla|2f|4|2e|0|20 28|compatible|3b 20|MSIE|20|6|2e|0|3b 20 20|Windows|20|NT|20|5|2e|1|3b 20|SV1|3b 20 2e|NET|20|CLR|20|1|2e|1|2e|4322|3b 20 2e|NET|20|CLR|20|2|2e|0|2e|50727|29|"; fast_pattern; http.accept; content:"|2a 2f 2a|"; http.header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|"; classtype:trojan-activity; sid:2009447; rev:9; metadata:created_at 2010_07_30, malware_family Bancos, signature_severity Major, tag Banking_Trojan, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_10;)
Jul 30, 2010, 12:00 PM
Mar 10, 2024, 12:00 PM
Jul 30, 2010, 12:00 PM
Dec 1, 2025, 11:34 PM
rules/emerging-malware.rules