Rule History

SID: 2018958 • Source: et/open

Versions (4)

Version Details: Current

Rev: 22 • Mar 25, 2013, 12:00 PM

ET MALWARE Worm.Win32.Vobfus Checkin 3

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Worm.Win32.Vobfus Checkin 3"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"|3f|"; offset:2; depth:20; pcre:"/^\x2f[a-zA-Z0-9]{1,19}\x2f?\?[abdefijhgv\x22](?:\x7C\x2d?\d+?[^\\\*\+\=\|\:\x3b\x22\?\<\>\,\#][a-zA-Z0-9-!@#\$%^&\(\)\x20_{}\.~]{1,14})?$/"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|MSIE|20|"; fast_pattern; http.host; content:!"www.pinterest.com"; http.header_names; content:!"Accept-Language|0d 0a|"; content:!"Referer|0d 0a|"; reference:md5,3ed744b12a77359576af10a265154081; reference:md5,a2049adc2834d797b37f45382608f2b4; classtype:command-and-control; sid:2018958; rev:22; metadata:created_at 2013_03_25, deprecation_reason Performance, performance_impact Significant, signature_severity Major, updated_at 2024_11_25;)

Mar 25, 2013, 12:00 PM

Nov 25, 2024, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-malware.rules