Rule History

SID: 2018095 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 9 • Jan 14, 2014, 12:00 PM

Message:

ET ADWARE_PUP Potentially Unwanted Application AirInstaller

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP Potentially Unwanted Application AirInstaller"; flow:to_server,established; urilen:>31; http.method; content:"GET"; http.uri; content:"/launch/?c="; fast_pattern; content:"&m="; content:"&l="; content:"&b="; content:"&sid="; content:"&os="; http.header_names; content:!"Accept"; content:!"Referer|0d 0a|"; reference:md5,3eaaf0de35579e5af89ae3dd81d0c592; reference:md5,ac030896aad1b6b0eeb00952dee24c3f; classtype:pup-activity; sid:2018095; rev:9; metadata:created_at 2014_01_14, signature_severity Minor, updated_at 2020_11_05;)

Created:

Jan 14, 2014, 12:00 PM

Updated:

Nov 5, 2020, 12:00 PM

DB Created:

Jan 14, 2014, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-adware_pup.rules