Versions (2)
Version DetailsCurrent
Rev: 11 • Jan 7, 2011, 12:00 PMET MALWARE Potential Blackhole Exploit Pack Binary Load Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Potential Blackhole Exploit Pack Binary Load Request"; flow:established,to_server; flowbits:set,et.exploitkitlanding; http.uri; content:".php?f="; fast_pattern; content:"&e="; pcre:"/^[^?#]+?\.php\?f=\w+&e=\d+$/"; http.header_names; content:!"Referer|0d 0a|"; content:"User-Agent|0d 0a|"; content:"Host|0d 0a|"; distance:0; reference:url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/; classtype:bad-unknown; sid:2012169; rev:11; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2011_01_07, deployment Perimeter, malware_family Blackhole, performance_impact Significant, signature_severity Critical, tag Blackhole, tag Exploit_Kit, updated_at 2024_04_09;)
Jan 7, 2011, 12:00 PM
Apr 9, 2024, 12:00 PM
Jan 7, 2011, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-malware.rules