Rule History

SID: 2014353 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 8 • Mar 9, 2012, 12:00 PM

Message:

ET ADWARE_PUP W32/MediaGet.Adware Installer Download

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ADWARE_PUP W32/MediaGet.Adware Installer Download"; flow:established,to_client; flowbits:isnotset,ET.Adobe.Site.Download; http.header.raw; content:"Set-Cookie|3A 20 |MediagetDownloaderInfo=installer"; file.data; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; fast_pattern; distance:-64; within:4; reference:url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=860182; reference:md5,39c1769c39f61dd2ec009de8374352c6; classtype:pup-activity; sid:2014353; rev:8; metadata:created_at 2012_03_09, signature_severity Minor, updated_at 2020_08_31;)

Created:

Mar 9, 2012, 12:00 PM

Updated:

Aug 31, 2020, 12:00 PM

DB Created:

Mar 9, 2012, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-adware_pup.rules