Versions (2)
Version DetailsCurrent
Rev: 7 • Jul 30, 2010, 12:00 PMET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WindowsEnterpriseSuite FakeAV Reporting via POST"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"verint="; content:"&uid="; distance:0; content:"&wv="; distance:0; content:"&report="; distance:0; content:"&abbr="; distance:0; content:"&pid="; distance:0; pcre:"/verint=\d+&uid=\d+&wv=[A-Za-z0-9]+&report=\d+&abbr=[A-Za-z0-9]+&pid=\d/"; reference:md5,d9bcb4e4d650a6ed4402fab8f9ef1387; classtype:trojan-activity; sid:2010247; rev:7; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_04_21;)
Jul 30, 2010, 12:00 PM
Apr 21, 2020, 12:00 PM
Jul 30, 2010, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules