Versions (5)
Version DetailsCurrent
Rev: 8 • Jul 30, 2010, 12:00 PMET MALWARE Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"&ver="; content:"&MAX_EXECUTE_TIME="; fast_pattern; content:"&RELOAD_JOBS="; content:"&BROWSER_DELAY="; content:"&CONTROL_PAGE"; content:"&lastlogcount"; content:"&min_captchasize"; content:"&botid"; content:"®_NAME"; content:"&botlogin="; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FWombot.A; classtype:command-and-control; sid:2009830; rev:8; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_05;)
Jul 30, 2010, 12:00 PM
Mar 5, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 19, 2025, 10:34 PM
rules/emerging-malware.rules