Versions (2)
Version DetailsCurrent
Rev: 8 • Jul 30, 2010, 12:00 PMET MALWARE WindowsEnterpriseSuite FakeAV check-in GET
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WindowsEnterpriseSuite FakeAV check-in GET"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/Reports/install-report.php"; content:"abbr="; http.user_agent; content:"TALWinInetHTTPClient"; reference:md5,d9bcb4e4d650a6ed4402fab8f9ef1387; classtype:trojan-activity; sid:2010241; rev:8; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_04_27;)
Jul 30, 2010, 12:00 PM
Apr 27, 2020, 12:00 PM
Jul 30, 2010, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules