Versions (5)
Version DetailsCurrent
Rev: 7 • Aug 22, 2014, 12:00 PMET MALWARE Probable OneLouder downloader (Zeus P2P)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Probable OneLouder downloader (Zeus P2P)"; flow:to_server,established; urilen:2<>5; flowbits:set,ET.Onelouder.bin; flowbits:noalert; http.method; content:"GET"; http.uri; pcre:"/^\/(?P<n>\d)(?P=n){1,2}$/"; http.user_agent; content:"|20|MSIE|20|"; fast_pattern; http.header_names; content:!"Referer"; content:!"Accept-Language"; classtype:trojan-activity; sid:2018981; rev:7; metadata:created_at 2014_08_22, performance_impact Significant, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_29;)
Aug 22, 2014, 12:00 PM
Apr 29, 2024, 12:00 PM
Aug 22, 2014, 12:00 PM
Oct 9, 2025, 9:35 PM
rules/emerging-malware.rules