[Emerging-Sigs] FPs on "ET USER_AGENTS Suspicious User-Agent (contains loader)"
jeff-kell at utc.edu
Tue Oct 12 14:11:47 EDT 2010
Not sure what the original was intended to look for, but would anchoring the "loader"
with a leading space do the trick? Or was this a generic catch for uploader/downloader?
On 10/12/2010 2:06 PM, Jeff Kell wrote:
> On 10/11/2010 6:46 PM, Jeff Kell wrote:
>> This signature fires on the Inno Setup Downloader (see
>> http://en.wikipedia.org/wiki/Inno_Setup ).
> Also FPs on "Blizzard Downloader" (World of Warcraft update engine).
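
The anchoring question raised above can be checked offline. The following is an added example, not part of the original post or the Emerging Threats rule set: it compares a plain "loader" substring match, the proposed leading-space anchor, and a whole-word match over constructed User-Agent values. The case-insensitive matching and every sample string are assumptions.

```python
import re

# Constructed User-Agent values (not captured traffic). The first two stand in
# for the false positives named in the thread; the rest probe edge cases.
SAMPLE_UAS = [
    "Inno Setup Downloader",
    "Blizzard Downloader",
    "Mozilla/4.0 (compatible; loader)",
    "loader",
    "MyUploader/1.0",
    "Some Loader 2.1",
]

def contains_loader(ua):
    """Plain substring match, case-insensitive (assumed behaviour of the rule)."""
    return "loader" in ua.lower()

def space_anchored(ua):
    """The proposal in the post: require a space directly before 'loader'."""
    return " loader" in ua.lower()

# Hypothetical alternative for comparison: 'loader' as a whole word.
WORD = re.compile(r"\bloader\b", re.IGNORECASE)

def whole_word(ua):
    """True when 'loader' appears with a word boundary on both sides."""
    return WORD.search(ua) is not None

def compare(uas=SAMPLE_UAS):
    """Return {ua: (substring, space_anchored, whole_word)} for each value."""
    return {ua: (contains_loader(ua), space_anchored(ua), whole_word(ua))
            for ua in uas}

if __name__ == "__main__":
    for ua, hits in compare().items():
        print(f"{ua!r:40} substring={hits[0]!s:5} "
              f"space={hits[1]!s:5} word={hits[2]}")
```

On these samples the leading-space anchor stops matching both "Downloader" strings and "MyUploader", but it also stops matching a User-Agent that is exactly "loader", which the whole-word form still catches.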