Snort mailing list archives

Adware/Toolbar?


From: Y M <snort () outlook com>
Date: Sun, 20 Oct 2013 10:12:55 +0000




Hi,
I was not sure how to categorize this one. I was seeing several HTTP requests (see reference). After some googling, it seems the domain and the downloads from it do not have a good reputation. It may be nothing worthy.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ( \
    msg:"PUA-TOOLBAR toolbar configuration download attempt"; \
    flow:to_server,established; \
    content:"/config/?"; http_uri; \
    content:"&ext="; distance:0; http_uri; \
    content:"&ver="; distance:0; http_uri; \
    content:"&cmp="; distance:0; http_uri; \
    content:"&rand="; distance:0; http_uri; \
    metadata: policy balanced-ips drop, policy security-ips drop, ruleset community, service http; \
    reference:url,www.virustotal.com/en/url/2397c37dc74b54ff7ff76960d6b4a921e914259f125e69d58f0626806eb99718/analysis/1382259349/; \
    classtype:trojan-activity; sid:100075; rev:1;)

Thanks.
YM
                                          
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
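
Added example (not part of the original post or of Snort): an offline approximation of the rule's http_uri content chain, for checking proxy or web logs against the same pattern. The log layout, the sample lines and the function names are assumptions made for this example, and the URI is matched as logged, without Snort's URI normalization.

```python
# Added example: approximates the ordered http_uri content chain of sid:100075.
import re

# Content strings from the rule, in rule order; each one after the first
# carries distance:0, so it must start at or after the end of the previous match.
CHAIN = ["/config/?", "&ext=", "&ver=", "&cmp=", "&rand="]

# Assumed log layout (constructed for this example): client IP, method, host, URI.
LOG_LINE = re.compile(r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<uri>\S+)$")


def uri_matches(uri, chain=CHAIN):
    """True if every content string occurs in order within the URI.

    Matching is case-sensitive because the rule has no nocase modifier.
    Taking the earliest match of each string is sufficient here, since the
    chain only uses distance:0 and no within bound.
    """
    pos = 0
    for needle in chain:
        idx = uri.find(needle, pos)
        if idx < 0:
            return False
        pos = idx + len(needle)
    return True


def hunt(lines):
    """Return (src, host, uri) for each parsable log line whose URI matches."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and uri_matches(m["uri"]):
            hits.append((m["src"], m["host"], m["uri"]))
    return hits


# Constructed sample lines; hosts use the reserved .example TLD.
SAMPLE = [
    "10.0.0.5 GET toolbar.example /config/?id=1&ext=abc&ver=1.2&cmp=xyz&rand=42",
    "10.0.0.6 GET toolbar.example /config/?id=1&ver=1.2&ext=abc&cmp=xyz&rand=42",
    "10.0.0.7 GET www.example /index.html?ext=abc&ver=1",
    "10.0.0.8 GET toolbar.example /config/?id=1&EXT=abc&ver=1.2&cmp=xyz&rand=42",
    "malformed line",
]

if __name__ == "__main__":
    for src, host, uri in hunt(SAMPLE):
        print(src, host, uri)
```

Only the first sample line matches: the second has the parameters in a different order, the third lacks the /config/? path, and the fourth differs in case.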

