Versions (4)
Version DetailsCurrent
Rev: 6 • Jun 5, 2013, 12:00 PMET MALWARE Possible Win32/Travnet.A Internet Connection Check (microsoft.com)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Win32/Travnet.A Internet Connection Check (microsoft.com)"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/info/privacy_security.htm"; http.header_names; content:!"Referer|0d 0a|"; http.host; content:"microsoft.com"; endswith; reference:md5,d04a7f30c83290b86cac8d762dcc2df5; reference:md5,cb9cc50b18a7c91cf4a34c624b90db5d; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A; reference:url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data; classtype:trojan-activity; sid:2016969; rev:6; metadata:created_at 2013_06_05, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)
Jun 5, 2013, 12:00 PM
Apr 24, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 9, 2025, 9:35 PM
rules/emerging-malware.rules