Versions (2)
Version DetailsCurrent
Rev: 5 • Feb 3, 2011, 12:00 PMET MALWARE SpyEye Post_Express_Label ftpgrabber check-in
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SpyEye Post_Express_Label ftpgrabber check-in"; flow:established,to_server; http.uri; content:"grabbers.php"; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; http.request_body; content:"&module=ftpgrabber"; fast_pattern; reference:url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out; classtype:trojan-activity; sid:2012284; rev:5; metadata:created_at 2011_02_03, signature_severity Major, updated_at 2024_03_24;)
Feb 3, 2011, 12:00 PM
Mar 24, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules