Rule History

SID: 2013244 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 2 • Jul 11, 2011, 12:00 PM

Message:

ET WEB_CLIENT Known Injected Credit Card Fraud Malvertisement Script

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Known Injected Credit Card Fraud Malvertisement Script"; flow:established,to_client; content:"|3C|script|3E|ba|28 27|Windows.class|27 2C 27|Windows.jar|27 29 3B 3C 2F|script|3E|"; nocase; reference:url,blogs.paretologic.com/malwarediaries/index.php/2011/07/06/stolen-credit-cards-site-injected-with-malware/; classtype:misc-activity; sid:2013244; rev:2; metadata:created_at 2011_07_11, signature_severity Unknown, updated_at 2019_07_26;)

Created:

Jul 11, 2011, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-web_client.rules