Versions (3)
Version DetailsCurrent
Rev: 7 • Jul 30, 2010, 12:00 PMET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (nte)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (nte)"; flow:established,to_server; content:"/nte/"; http_uri; nocase; content:"|0d 0a|accept-encoding|3a| pack200-gzip,gzip|0d 0a|"; nocase; content:"|0d 0a|content-type|3a| application/x-java-archive|0d 0a|"; nocase; content:!"|0d 0a|Referer|3a| "; nocase; content:"|0d 0a|User-Agent|3a| Mozilla"; nocase; content:" Java/"; nocase; within:50; reference:url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0; classtype:exploit-kit; sid:2010871; rev:7; metadata:created_at 2010_07_30, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_08_22;)
Jul 30, 2010, 12:00 PM
Aug 22, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 6, 2025, 4:34 PM
rules/emerging-deleted.rules