[Emerging-Sigs] SIG: ET MALWARE W32/PriceMeter.Adware Beacon

Kevin Ross kevross33 at googlemail.com
Tue Apr 8 00:44:52 HADT 2014


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE W32/PriceMeter.Adware Beacon"; flow:established,to_server; content:"/?type="; http_uri; content:"&topic="; http_uri; content:"&funnel="; http_uri; content:"&installId="; http_uri; content:"&hid="; http_uri; content:"&ver="; http_uri; content:"User-Agent|3A| WinHTTP/"; http_header; classtype:trojan-activity; reference:md5,26db4ba2bbb56d410ef2e0d80291b1b3; sid:123391; rev:1;)

Regards,
Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Price.png
Type: image/png
Size: 29305 bytes
Desc: not available
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20140408/616d685e/attachment-0001.png>
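
Added example, not part of the original post and not Emerging Threats code: a plain-Python mirror of the rule's content matches, useful for checking proxy or pcap-derived requests against the same logic outside an IDS. It assumes the raw request URI and header block stand in for the http_uri and http_header buffers; the sample requests, host name and parameter values are constructed.

```python
# Added illustration: mirrors the content matches of the rule in the post.
URI_TOKENS = ["/?type=", "&topic=", "&funnel=", "&installId=", "&hid=", "&ver="]
HEADER_TOKEN = "User-Agent: WinHTTP/"  # |3A| in the rule is the byte for ':'


def parse_request(raw):
    """Split a raw HTTP request into (uri, header_block)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, _, headers = head.partition("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    return parts[1], headers


def matches_rule(raw):
    """True when every content match in the rule is satisfied.

    The rule has no nocase, distance or within modifiers, so each token is
    case-sensitive and may appear anywhere in its buffer, in any order.
    """
    try:
        uri, headers = parse_request(raw)
    except ValueError:
        return False
    return all(tok in uri for tok in URI_TOKENS) and HEADER_TOKEN in headers


def _req(uri, agent):
    # Builds a constructed sample request; example.invalid is a placeholder.
    return f"GET {uri} HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: {agent}\r\n\r\n"


FULL = "/?type=a&topic=b&funnel=c&installId=d&hid=e&ver=1"
SAMPLES = {  # all constructed for this example
    "beacon": _req(FULL, "WinHTTP/1.0"),
    "reordered": _req("/?type=a&ver=1&hid=e&installId=d&funnel=c&topic=b", "WinHTTP/1.0"),
    "browser": _req(FULL, "Mozilla/5.0"),
    "missing_hid": _req("/?type=a&topic=b&funnel=c&installId=d&ver=1", "WinHTTP/1.0"),
    "lowercase": _req(FULL.replace("installId", "installid"), "WinHTTP/1.0"),
}


def triage(samples):
    """Map each sample name to whether the rule logic would fire on it."""
    return {name: matches_rule(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hit in triage(SAMPLES).items():
        print(f"{name:12} {'ALERT' if hit else 'no match'}")
```

The "reordered" and "lowercase" cases show two properties of the rule as written: parameter order does not matter, and a change in parameter case avoids a match.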