Versions (5)
Version DetailsCurrent
Rev: 7 • Jun 9, 2011, 12:00 PMET MALWARE Possible FakeAV Binary Download (Security)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible FakeAV Binary Download (Security)"; flow:established,to_client; http.header; content:"filename=|22|"; nocase; content:"security"; fast_pattern; nocase; within:50; content:!"ALLOW-FROM www.onecallnow.com"; pcre:"/filename\x3D\x22[^\r\n]*security[^\n]+\.exe/i"; http.content_type; content:!"text/xml"; depth:8; classtype:trojan-activity; sid:2012981; rev:7; metadata:created_at 2011_06_09, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_06;)
Jun 9, 2011, 12:00 PM
Nov 6, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 2, 2025, 10:34 PM
rules/emerging-malware.rules