ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-16 Encoding

SID: 2012109Rev: 20 views

Sourceet/open

CreatedDecember 28, 2010

UpdatedJuly 26, 2019

Classificationbad-unknown

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-16 Encoding"; flow:established,to_client; content:"%u5374%u7269%u6e67%u2e66%u726f%u6d43%u6861%u7243%u6f64%u65"; nocase; reference:url,cansecwest.com/slides07/csw07-nazario.pdf; reference:url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html; classtype:bad-unknown; sid:2012109; rev:2; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_12_28, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_07_26;)

References

url	cansecwest.com/slides07/csw07-nazario.pdf
url	www.sophos.com/security/technical-papers/malware_with_your_mocha.html

Metadata

affected productWeb_Browser_Plugins

attack targetClient_Endpoint

created at2010_12_28

deploymentPerimeter

signature severityMajor

tagWeb_Client_Attacks

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!