Versions (2)
Version DetailsCurrent
Rev: 5 • Mar 26, 2015, 12:00 PMET ADWARE_PUP Windows executable sent when remote host claims to send an image M2
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2"; flow:established,from_server; http_content_type; content:"image/jpeg"; depth:10; isdataat:!1,relative; file_data; content:"MZ"; within:2; content:"!This program"; distance:0; fast_pattern; classtype:pup-activity; sid:2020757; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_03_26, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2019_08_14;)
Mar 26, 2015, 12:00 PM
Aug 14, 2019, 12:00 PM
Mar 26, 2015, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-adware_pup.rules