List:       emerging-sigs
Subject:    [Emerging-Sigs] sig for FraudLoad.aww
From:       jonkman () jonkmans ! com (Matt Jonkman)
Date:       2008-06-24 15:28:56
Message-ID: 486112B8.70902 () jonkmans ! com

Looks like a good name by me. Good sig, posting now

Matt

Marcus wrote:
> re: 650a6cb1433b764e27ea59d2eca999a3
> 
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Trojan - FraudLoad.aww HTTP POST"; \
> flow:established,to_server; content:"POST"; depth:4; content:"/instlog/?"; \
> content:"User-Agent\: Mozilla/3.0 (compatible\; TALWinInetHTTPClient)"; nocase; sid:99999; rev:1;)
> 
> Not sure if this has a different, more well known, name than
> FraudLoad.aww, but that is all I could find.
> 
> Cheers,
> Marc
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
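
The content checks of the signature quoted above, emulated over constructed requests so the rule can be regression-tested offline (an added example, not part of the original thread or of the Emerging Threats ruleset). It models only the three `content` options with `depth` and `nocase`; flow state, ports and the Snort engine itself are not modelled, and the helper names and sample requests are made up for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Content:
    pattern: bytes
    depth: Optional[int] = None  # search only the first N payload bytes
    nocase: bool = False         # modifies this one content, not the others

# The rule's three content options, in rule order ("\:" and "\;" unescaped).
RULE = [
    Content(b"POST", depth=4),
    Content(b"/instlog/?"),
    Content(b"User-Agent: Mozilla/3.0 (compatible; TALWinInetHTTPClient)",
            nocase=True),
]

def matches(payload: bytes, rule=RULE) -> bool:
    """True when every content is found. None of the contents is relative
    (no distance/within), so each one is searched from the payload start."""
    for c in rule:
        window = payload if c.depth is None else payload[:c.depth]
        pattern = c.pattern
        if c.nocase:
            window, pattern = window.lower(), pattern.lower()
        if pattern not in window:
            return False
    return True

def req(method: str, path: str, ua: str) -> bytes:
    """Build a constructed HTTP request (sample data, not captured traffic)."""
    return (f"{method} {path} HTTP/1.1\r\nHost: example.invalid\r\n"
            f"User-Agent: {ua}\r\n\r\n").encode()

UA = "Mozilla/3.0 (compatible; TALWinInetHTTPClient)"
SAMPLES = {
    "rule_hit":        req("POST", "/instlog/?id=1", UA),
    "ua_case_differs": req("POST", "/instlog/?id=1", UA.upper()),  # nocase
    "get_same_path":   req("GET", "/instlog/?id=1", UA),           # depth:4
    "other_path":      req("POST", "/upload/?id=1", UA),
    "other_ua":        req("POST", "/instlog/?id=1",
                           "Mozilla/4.0 (compatible; MSIE 7.0)"),
}

def run() -> dict:
    """Evaluate the rule against every constructed sample."""
    return {name: matches(payload) for name, payload in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in run().items():
        print(f"{name:16} {'ALERT' if hit else 'no match'}")
```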


