Author Topic: Strength of avast! Webshield detection confirmed!  (Read 1226 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33868
  • malware fighter
Strength of avast! Webshield detection confirmed!
« on: February 01, 2014, 06:56:02 PM »
Looking for an IDS alert like:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Zeus variant outbound connection"; flow:to_server,established; content:"POST"; http_method; content:".php"; http_uri; content:"|3B 20|MSIE|20|"; http_header; content:!"|0D 0A|Accept|2D|Language|3A|"; http_header; content:!"|0D 0A|Referer|3A|"; http_header; content:!"|0D 0A|Cookie|3A|"; http_header; content:"Content-Length: "; nocase; byte_test:8,<,201,0,string,relative; pcre:"/[^\x20-\x7e\x0d\x0a]{4}/P"; metadata:impact_flag red, policy security-ips drop, ruleset community, service http; classtype:trojan-activity; sid:25050; rev:5;)

IDS rule author = Alex Avery.A.Tarasov
Then trying to get to an urlquery scan with this particular IDS rule flagged and instantly, bingo!, blocked by avast! Webshield, that detected scan url- | {gzip} as HTML:JNLP-C[Trj]

So keep your avast! shield protection up online all the time and all of the time,

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
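
Added example, not part of the original post and not the rule author's code: a Python sketch that applies the conditions of the quoted rule (sid 25050) to raw HTTP requests, to show what each option tests. The function name, the sample requests, the host example.test and the paths are assumptions constructed for illustration, and the handling of Snort's HTTP buffers is simplified.

```python
import re

NONPRINT4 = re.compile(rb"[^\x20-\x7e\x0d\x0a]{4}")      # pcre /.../P: 4 non-printable body bytes
CLEN = re.compile(rb"Content-Length: ", re.IGNORECASE)   # content:"Content-Length: "; nocase
ABSENT = (b"\r\nAccept-Language:", b"\r\nReferer:", b"\r\nCookie:")  # the three content:! tests

def matches_sid_25050(raw: bytes) -> bool:
    """Approximate the rule's conditions on one raw client HTTP request."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False
    request_line = head.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) < 2:
        return False
    method, uri = parts[0], parts[1]
    # Simplification: header buffer = everything after the request line, CRLF included.
    headers = head[len(request_line):]
    if b"POST" not in method or b".php" not in uri:
        return False
    if b"; MSIE " not in headers:                  # content:"|3B 20|MSIE|20|"
        return False
    if any(h in headers for h in ABSENT):          # typical browser headers must be missing
        return False
    m = CLEN.search(raw)
    if not m:
        return False
    # byte_test:8,<,201,0,string,relative: decimal value in the next 8 bytes must be < 201
    digits = re.match(rb"\d+", raw[m.end():m.end() + 8])
    if not digits or int(digits.group()) >= 201:
        return False
    return NONPRINT4.search(body) is not None

# Constructed sample requests (not captured traffic); host and paths are placeholders.
UA = b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"
SUSPECT = (b"POST /submit.php HTTP/1.1\r\nHost: example.test\r\n" + UA +
           b"Content-Length: 8\r\n\r\n\x01\x02\x03\x04\xff\xfe\x00\x10")
BROWSER = (b"POST /login.php HTTP/1.1\r\nHost: example.test\r\n" + UA +
           b"Accept-Language: en-US\r\nReferer: http://example.test/\r\n"
           b"Content-Length: 9\r\n\r\nuser=demo")
LARGE = SUSPECT.replace(b"Content-Length: 8", b"Content-Length: 500")

if __name__ == "__main__":
    for name, req in (("SUSPECT", SUSPECT), ("BROWSER", BROWSER), ("LARGE", LARGE)):
        print(name, matches_sid_25050(req))
```

The rule keys on a small binary POST to a .php URI that claims an MSIE user agent but lacks the headers a real browser normally sends, which is why an ordinary form submission does not match.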