Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST initial check-in"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/MicroinstallServiceReport.php"; fast_pattern; http.request_body; content:"report="; content:"&pid="; content:"&wv="; pcre:"/report=\d+&pid=\d+&wv=[A-Za-z0-9]/"; reference:md5,d9bcb4e4d650a6ed4402fab8f9ef1387; classtype:trojan-activity; sid:2010246; rev:9; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2024_03_08;)