Versions (4)
Version DetailsCurrent
Rev: 3 • Sep 19, 2011, 12:00 PMET MALWARE Win32.Riberow.A (touch)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32.Riberow.A (touch)"; flow:established,to_server; http.uri; content:"/touch.php?dir="; http.header; content:"|0d 0a|Pragma|3a 20|no-cache|0d 0a|Accept|3a 20|*/*|0d 0a|"; endswith; http.header_names; content:!"|0d 0a|User-Agent|0d 0a|"; reference:md5,c55fe941b80b3e5e77be8728642d138e; classtype:trojan-activity; sid:2013671; rev:3; metadata:created_at 2011_09_19, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_07;)
Sep 19, 2011, 12:00 PM
Feb 7, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 14, 2025, 9:34 PM
rules/emerging-malware.rules