Rule History

SID: 2018617 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 8 • Jan 14, 2014, 12:00 PM

ET ADWARE_PUP Downloader.NSIS.OutBrowse.b Checkin

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP Downloader.NSIS.OutBrowse.b Checkin"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/Installer/Flow?pubid="; fast_pattern; startswith; nocase; content:"&distid="; distance:0; content:"&productid="; distance:0; content:"&subpubid="; distance:0; content:"&campaignid="; distance:0; content:"&networkid="; distance:0; content:"&dfb="; distance:0; content:"&os="; distance:0; content:"&version="; distance:0; http.user_agent; content:"Chrome/18.0.1025.142 Safari/535.19"; endswith; http.header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|"; reference:md5,38eeed96ade6037dc299812eeadee164; reference:url,sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx; classtype:pup-activity; sid:2018617; rev:8; metadata:created_at 2014_01_14, signature_severity Minor, updated_at 2024_03_02;)

Jan 14, 2014, 12:00 PM

Mar 2, 2024, 12:00 PM

Jan 14, 2014, 12:00 PM

Sep 10, 2024, 1:01 PM

rules/emerging-adware_pup.rules