ET MALWARE SuperFish Possible SSL Cert Signed By Compromised Root CA

SID: 2020493Rev: 40 viewsHistory

Sourceet/open

CreatedFebruary 20, 2015

UpdatedMarch 26, 2024

Classificationtrojan-activity

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE SuperFish Possible SSL Cert Signed By Compromised Root CA"; flow:established,to_client; tls.cert_issuer; content:"O=Superfish, Inc."; content:"CN=Superfish, Inc."; fast_pattern; reference:url,blog.erratasec.com/2015/02/extracting-superfish-certificate.html; reference:url,myce.com/news/lenovo-laptops-come-with-preinstalled-advertisement-injecting-adware-74290/; classtype:trojan-activity; sid:2020493; rev:4; metadata:attack_target Client_Endpoint, created_at 2015_02_20, deployment Perimeter, deprecation_reason Age, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_03_26, reviewed_at 2024_03_26;)

References

url	blog.erratasec.com/2015/02/extracting-superfish-certificate.html
url	myce.com/news/lenovo-laptops-come-with-preinstalled-advertisement-injecting-adware-74290/

Metadata

attack targetClient_Endpoint

created at2015_02_20

deploymentPerimeter

deprecation reasonAge

confidenceMedium

signature severityMajor

tagSSL_Malicious_Cert

updated at2024_03_26

reviewed at2024_03_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!