[Emerging-Sigs] SIG: ET CURRENT_EVENTS Possible Redirection to Unknown Exploit Pack

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Oct 25 16:30:08 EDT 2011


Posting, thanks!

Matt


On Oct 20, 2011, at 6:25 PM, Kevin Ross wrote:

> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Redirection to Unknown Exploit Pack"; flow:established,to_client; content:"document.write|28|unescape|28 22|%3Cscript src=|27 22 20 2B 20|; nocase; classtype:misc-attack; reference:url,http://www.kahusecurity.com/2011/malware-infection-from-new-exploit-pack/; sid:1449991; rev:1;)


----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------



More information about the Emerging-sigs mailing list