From shirkdog, based on spyware listening post hits:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Oemji Spyware User-Agent (Oemji)"; flow:to_server,established; content:"User-Agent:"; nocase; pcre:"/User-Agent:[^\n]+Oemji/i"; classtype:trojan-activity; sid:2003468; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE MALWARE Oemji.com Spyware Settings Update"; flow:established,to_server; uricontent:"/OemjiSearchPlus.ini"; nocase; reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094187; sid:2003467; rev:1;)
Thanks shirkdog!
Matt
--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------
PGP: http://www.bleedingthreats.com/mattjonkman.asc
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
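An added example (not part of the post or the Bleeding Edge rule set) that replays the matching logic of the two signatures above against constructed HTTP requests, so a rule author can check what fires before deploying. The sids and match strings are the ones from the rules; the sample requests and the `match_sids` helper are constructed for this illustration and only model the content, pcre, uricontent and flow direction options, not full Snort semantics.

```python
"""Offline check of the two Oemji signatures against constructed HTTP requests.

Added example; not code from the Bleeding Edge project or the post's author.
The rule options are modelled directly from the two signatures above.
"""
import re

# sid:2003468 - pcre:"/User-Agent:[^\n]+Oemji/i"
# [^\n]+ keeps the match inside one header line, so "Oemji" appearing in a
# later header (e.g. a Referer) does not satisfy this rule.
UA_RULE = re.compile(rb"User-Agent:[^\n]+Oemji", re.IGNORECASE)

# sid:2003467 - uricontent:"/OemjiSearchPlus.ini"; nocase;
# uricontent with nocase is a case-insensitive substring test on the URI only.
URI_CONTENT = b"/OemjiSearchPlus.ini".lower()


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, uri, header block)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    method, uri, _version = request_line.split(b" ", 2)
    return method, uri, head


def match_sids(raw: bytes, to_server: bool = True) -> set:
    """Return the sids whose modelled options all fire on this request.

    Both rules carry flow:to_server, so replies (to_server=False) never match.
    """
    if not to_server:
        return set()
    _method, uri, head = parse_request(raw)
    hits = set()
    # sid:2003468: content:"User-Agent:" nocase, then the PCRE on the payload
    if b"user-agent:" in head.lower() and UA_RULE.search(head):
        hits.add(2003468)
    # sid:2003467: case-insensitive substring match on the request URI
    if URI_CONTENT in uri.lower():
        hits.add(2003467)
    return hits


# Constructed sample requests (hostnames are placeholders, not real IoCs).
SAMPLES = {
    "oemji_ua": (
        b"GET /search?q=test HTTP/1.1\r\n"
        b"Host: example.invalid\r\n"
        b"User-Agent: Mozilla/4.0 (compatible; Oemji Toolbar)\r\n\r\n"
    ),
    "settings_update": (
        b"GET /oemjisearchplus.INI HTTP/1.1\r\n"
        b"Host: example.invalid\r\n"
        b"User-Agent: Mozilla/4.0\r\n\r\n"
    ),
    "both": (
        b"GET /OemjiSearchPlus.ini HTTP/1.1\r\n"
        b"Host: example.invalid\r\n"
        b"User-Agent: Oemji/1.0\r\n\r\n"
    ),
    # "Oemji" only in a later header: the [^\n]+ in the PCRE must not span lines
    "oemji_other_header": (
        b"GET / HTTP/1.1\r\n"
        b"User-Agent: Mozilla/4.0\r\n"
        b"Referer: http://example.invalid/Oemji\r\n\r\n"
    ),
    "benign": (
        b"GET /index.html HTTP/1.1\r\n"
        b"Host: example.invalid\r\n"
        b"User-Agent: Mozilla/5.0\r\n\r\n"
    ),
}


def run_samples() -> dict:
    """Evaluate every constructed sample and return {name: set of sids}."""
    return {name: match_sids(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, sids in run_samples().items():
        print(f"{name:20s} -> {sorted(sids) or 'no alert'}")
```

The `oemji_other_header` sample is the one worth keeping in a regression set: if the `\n` were lost from the PCRE's character class (as it can be when a rule is pasted through mail), the expression would no longer constrain the match to the User-Agent line and the rule's behaviour would silently change.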