Versions (3)
Version DetailsCurrent
Rev: 5 • Jul 30, 2010, 12:00 PMET MALWARE Potential Fake AV Download (download/install.php)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Potential Fake AV Download (download/install.php)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"download/install.php"; http_uri; pcre:"/\x0d\x0aHost\: [a-z\x2e]+(security|virus|pro|anti|scan|mypc|total|protect|check|guard|defend)/i"; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html; reference:url,malwareurl.com; reference:url,www.malwaredomainlist.com; classtype:trojan-activity; sid:2010465; rev:5; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jul 30, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 2, 2025, 10:34 PM
rules/emerging-malware.rules