ET MALWARE Opachki Link Hijacker HTTP Header Injection

SID: 2010283Rev: 101 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedFebruary 20, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Opachki Link Hijacker HTTP Header Injection"; flow:established,to_server; http.uri; content:".php?l="; fast_pattern; nocase; content:"&u="; nocase; http.accept_enc; pcre:"/^([a-z])\1{3}/i"; http.header_names; content:"|0d 0a|Accept-Encoding|0d 0a|"; nocase; content:"|0d 0a|Referer|0d 0a|"; nocase; reference:url,www.secureworks.com/research/threats/opachki/?threat=opachki; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2; classtype:trojan-activity; sid:2010283; rev:10; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_20;)

References

urlwww.secureworks.com/research/threats/opachki/?threat=opachki
urlwww.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A
urlwww.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2

Metadata

created at2010_07_30
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_02_20

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!