ET MALWARE SpyEye Post_Express_Label ftpgrabber check-in

SID: 2012284Rev: 50 views
History
Sourceet/open
CreatedFebruary 3, 2011
UpdatedMarch 24, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SpyEye Post_Express_Label ftpgrabber check-in"; flow:established,to_server; http.uri; content:"grabbers.php"; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; http.request_body; content:"&module=ftpgrabber"; fast_pattern; reference:url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out; classtype:trojan-activity; sid:2012284; rev:5; metadata:created_at 2011_02_03, signature_severity Major, updated_at 2024_03_24;)

References

urlnakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out

Metadata

created at2011_02_03
signature severityMajor
updated at2024_03_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!