[Emerging-Sigs] SIG: ET TROJAN W32/OnlineGames Checkin

Kevin Ross kevross33 at googlemail.com
Thu Oct 20 19:05:44 EDT 2011


# MD5 075075feb21ea69e4d5edff78141f8d6
# clamav sig (searches for some stuff about gameupdate in binary):
W32/OnlineGames:1:*:4e657747616d65557064617465*47616d6556657273696f6e55706461746531*557064617465546f6f6c

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32/OnlineGames Checkin"; flow:established,to_server; content:"/pcgame/"; http_uri; content:"?Hook1="; http_uri; content:"Setup="; http_uri; classtype:trojan-activity; sid:144991; rev:1;)

Regards, Kevin
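
The ClamAV signature in the post above, decoded and applied to a byte buffer, as an added example that is not part of the original post. It handles only plain hex parts, the `*` wildcard and a floating offset; `parse_sig`, `matches` and the sample buffers are hypothetical names and constructed data.

```python
# Added example: parse the ClamAV extended-format signature quoted in the post
# (Name:TargetType:Offset:HexSig) and test it against byte buffers.
# Assumption: only plain hex and the '*' wildcard appear in the hex part.
SIG = ("W32/OnlineGames:1:*:4e657747616d65557064617465"
       "*47616d6556657273696f6e55706461746531*557064617465546f6f6c")

TARGET_TYPES = {0: "any file", 1: "PE"}  # subset of ClamAV target types


def parse_sig(line):
    """Split the four fields and decode each '*'-separated hex part."""
    name, target, offset, hexsig = line.strip().split(":", 3)
    parts = [bytes.fromhex(p) for p in hexsig.split("*")]
    return {"name": name, "target": int(target), "offset": offset, "parts": parts}


def matches(sig, data):
    """True if every part occurs in order; '*' allows any gap between parts."""
    if sig["offset"] != "*":
        raise ValueError("only floating ('*') offsets are handled here")
    pos = 0
    for part in sig["parts"]:
        idx = data.find(part, pos)  # leftmost match keeps later parts reachable
        if idx < 0:
            return False
        pos = idx + len(part)
    return True


# Constructed sample buffers (not real malware): same strings, different order.
SAMPLE_HIT = (b"MZ\x90\x00" + b"NewGameUpdate" + b"\x00" * 8 +
              b"GameVersionUpdate1" + b"\x00\x01" + b"UpdateTool")
SAMPLE_MISS = b"MZ\x90\x00UpdateTool\x00GameVersionUpdate1\x00NewGameUpdate"

if __name__ == "__main__":
    sig = parse_sig(SIG)
    print(sig["name"], "target:", TARGET_TYPES.get(sig["target"], sig["target"]))
    for part in sig["parts"]:
        print("  searches for:", part.decode("ascii"))
    print("in-order buffer matches:", matches(sig, SAMPLE_HIT))
    print("reordered buffer matches:", matches(sig, SAMPLE_MISS))
```

The decoded parts show what "some stuff about gameupdate" means in practice, and the reordered buffer shows that `*` still requires the strings in the listed order.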