[Emerging-Sigs] "ET TROJAN FakeAV Landing Page"
morallo at tb-security.com
Tue Dec 18 04:58:19 HAST 2012
I have regular detections from this rule, together with this other one:
"ET CURRENT_EVENTS Ponmocup Redirection from infected Website to
>From what I understand, I suppose this is just a landing page to show a
false antivirus scan and persuade the user to download and install a
However, the rule is labeled as "TROJAN" in trojan.rules file, and
classified as "trojan-activity". I had the impression this type of rule
triggered only when there has already been an infection.
Maybe it should be moved to CURRENT_EVENTS?
More information about the Emerging-sigs