Versions (3)
Version DetailsCurrent
Rev: 9 • Mar 22, 2012, 12:00 PMET MALWARE FakeAV.dfze/FakeAV!IK Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE FakeAV.dfze/FakeAV!IK Checkin"; flow:established,to_server; urilen:>150; http.method; content:"GET"; http.uri; pcre:"/^\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/"; http.header; content:"|0d 0a|Cache-Control|3a 20|no-cache|0d 0a 0d 0a|"; http.host; content:!"pandora.com"; content:!"wordpress.com"; http.start; content:"= HTTP/1.1|0D 0A|Host|3a 20|"; fast_pattern; http.header_names; content:!"User-Agent|0d 0a|"; reference:md5,fe1e735ec10fb8836691fe2f2ac7ea44; classtype:command-and-control; sid:2014409; rev:9; metadata:created_at 2012_03_22, performance_impact Significant, signature_severity Major, updated_at 2024_04_08;)
Mar 22, 2012, 12:00 PM
Apr 8, 2024, 12:00 PM
Mar 22, 2012, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules