[Snort-sigs] Gain/Gator spyware sig

Esler, Joel - Contractor joel.esler at ...783...
Fri Jul 9 08:11:09 EDT 2004


Matt,

Enclosed is a signature that will catch 99% of Gator spyware (the other
1% being unknown variants)  This will catch the Gator password saver,
precision time, precision date, calendar manager...etc...



alert tcp any any -> any any (msg:"HTTP_Gator_Installed"; content:"|55
73 65 72 2d 41 67 65 6e 74 3a 20 47 61 74 6f 72|";
reference:url,pestpatrol.com/pestinfo/g/gain.asp;)




More information about the Snort-sigs mailing list