Versions (2)
Version DetailsCurrent
Rev: 3 • Mar 9, 2012, 12:00 PMET DELETED RogueAV Wordpress Injection Campaign Compromised Page Served to Local Client
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED RogueAV Wordpress Injection Campaign Compromised Page Served to Local Client"; flow:established,to_client; content:".rr.nu/mm.php?d=1|22|><|2F|script>"; nocase; reference:url,community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx; classtype:attempted-user; sid:2014337; rev:3; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2012_03_09, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2019_09_09;)
Mar 9, 2012, 12:00 PM
Sep 9, 2019, 12:00 PM
Mar 9, 2012, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-deleted.rules