ET WEB_SERVER Compromised Wordpress Install Serving Malicious JS
Sourceet/open
Fileemerging-web_server.rules
CreatedJuly 17, 2012
UpdatedMarch 13, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Compromised Wordpress Install Serving Malicious JS"; flow:established,to_client ; file.data; content:"var wow"; fast_pattern; content:"Date"; within:200; pcre:"/var wow\s*=\s*\x22[^\x22\n]+?\x22\x3b[^\x3b\n]*?Date[^\x3b\n]*?\x3b/"; reference:url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/ ; classtype:trojan-activity; sid:2015481; rev:7; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2012_07_17, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2024_03_13;)
Metadata
affected productWordpress_Plugins
attack targetWeb_Server
created at2012_07_17
deploymentDatacenter
signature severityMajor
tagWordpress
updated at2024_03_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!