""ET CURRENT_EVENTS JDB Exploit Kit Fake Adobe Download""

SID: 2016310

Revision: 4

Class Type: trojan-activity

Metadata: created_at 2013_01_30, updated_at 2013_01_30

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "/lib/adobe.php?id="

Within:

PCRE: "/\/lib\/adobe.php\?id=[a-f0-9]{32}$/Ui"

Special Options:

• http_uri

• nocase

source