""ET MALWARE klm123.com Spyware User Agent""
SID: 2007616
Revision: 15
Class Type: trojan-activity
Metadata: created_at 2010_07_30, updated_at 2021_03_23
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "User-Agent|3a| {"
-
Value: !"Host|3a| directory.gladinet.com|0d 0a|"
-
Value: !"ff.avast.com|0d 0a|"
-
Value: !"ispringsolutions.com|0d 0a|"
-
Value: !"cdn.download.comodo.com|0d 0a|"
-
Value: !"liveupdate.symantec.com|0d 0a|"
-
Value: !"liveupdate.norton.com|0d 0a|"
Within:
PCRE: "/User-Agent\x3a {[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}}/iH"
Special Options:
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header
-
http_header