[Emerging-Sigs] Android\Updtkiller

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Dec 27 09:56:22 HAST 2012


Cool, Thanks! Will get into QA.

Regards,

Will

On Wed, Dec 26, 2012 at 9:49 AM, tdzmont <tdzmont at gmail.com> wrote:

> 98a8672af274077f94a5ef551a37cc29
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET
> MOBILE_MALWARE Android/Updtkiller Sending Device Information";
> flow:established,to_server; content:"/phone_getinfokou_android.php";
> http_uri; reference:url,
> www.symantec.com/ja/jp/security_response/writeup.jsp?docid=2012-082308-1823-99&tabid=2
> ;
> classtype:trojan-activity; sid:0; rev:1;)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121227/4360b7f6/attachment.html>


More information about the Emerging-sigs mailing list