ET MALWARE Potential Fake AV Download (download/install.php)

SID: 2010465Rev: 50 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Potential Fake AV Download (download/install.php)"; flow:established,to_server; content:"GET"; nocase; http_method; content:"download/install.php"; http_uri; pcre:"/\x0d\x0aHost\: [a-z\x2e]+(security|virus|pro|anti|scan|mypc|total|protect|check|guard|defend)/i"; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html; reference:url,malwareurl.com; reference:url,www.malwaredomainlist.com; classtype:trojan-activity; sid:2010465; rev:5; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

urllists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
urlmalwareurl.com
urlwww.malwaredomainlist.com

Metadata

created at2010_07_30
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!