[Emerging-Sigs] Signature for HTML.Psyme.Gen

dave richards dave.richards0319 at gmail.com
Tue Oct 26 02:23:46 EDT 2010


Hi Matt,

Please find the signature for the Adware HTML.Psyme.Gen Reporting,

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE
HTML.Psyme.Gen Reporting"; flow:established,to_server; content:"GET ";
http_method; content:"/channel/channelCode.htm?"; nocase; http_uri;
content:"pid="; nocase; http_uri; classtype: trojan-activity; reference:url,
threatexpert.com/report.aspx?md5=de1adb1df396863e7e3967271e7db734;
sid:2010104; rev:1;)

Looking forward for your comments if any,

-- 
Regards,
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101026/b23de9e7/attachment.html


More information about the Emerging-sigs mailing list