[Emerging-Sigs] MyWebSearch Toolbar Traffic (Agent)
emerging at cyclohexane.net
Thu Jan 8 07:20:40 EST 2009
I've received several hundred false-positives for one of my users on this
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE
MyWebSearch Toolbar Traffic (Agent)"; flow: to_server,established; content:"
MyWay"; nocase; classtype:trojan-activity; sid: 2001662; rev:9;)
It turns out a cookie on the BBC news website contains "; myway=default" at
Let me know if you need more info than that.
More information about the Emerging-sigs