Versions (3)
Version DetailsCurrent
Rev: 4 • Oct 21, 2015, 12:00 PMET WEB_CLIENT Fake Java Installer Landing Page Oct 21
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Fake Java Installer Landing Page Oct 21"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/download.php?id="; content:"&sid="; distance:0; content:"&name=Java|20|Runtime|20|Environment|20|"; distance:0; fast_pattern; pcre:"/^\/[0-9]+\/download\.php\?id=/"; pcre:"/&name=[a-z0-9\x20]+$/i"; reference:url,heimdalsecurity.com/blog/security-alert-blackhat-seo-campaign-passes-around-malware-to-unsuspecting-users; classtype:trojan-activity; sid:2021991; rev:4; metadata:created_at 2015_10_21, signature_severity Major, updated_at 2020_12_10;)
Oct 21, 2015, 12:00 PM
Dec 10, 2020, 12:00 PM
Oct 21, 2015, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-web_client.rules