Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Proposed Signature for Keystrokes iKeyMonitor iOS Keylogger

From: Community Signatures <lists () packetmail net>
Date: Tue, 20 Mar 2012 14:42:29 -0500
Pretty simple. Content matches pulled from deb package. Sig to detect on
access of keystrokes/webhistory/etc webpage served from iOS device.
Match on the page served up at offset 000109da in MobileSafe.dylib

alert tcp any any -> $HOME_NET 8888
(msg:"ET POLICY iOS Keylogger iKeyMonitor device access";
flow:to_server,established;
content:"/><title>Keystrokes - iKeyMonitor</title><style ";
reference:url,moreinfo.thebigboss.org/moreinfo/depiction.php?file=ikeymonitorDp;
threshold:type limit, track by_src, count 1, seconds 600;
classtype:policy-violation"; sid:x; rev:1;)

Thanks,
Nathan


------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: