Versions (5)
Version DetailsCurrent
Rev: 10 • Jul 30, 2010, 12:00 PMET MALWARE Swizzor-based Downloader - Invalid User-Agent (Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729))
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Swizzor-based Downloader - Invalid User-Agent (Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729))"; flow:established,to_server; http.method; content:"GET"; nocase; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|na|3b 20|.NET CLR 2.0.50727|3b 20|.NET CLR 3.0.4506.2152|3b 20|.NET CLR 3.5.30729)|0d0a|"; fast_pattern; startswith; reference:url,www.cyber-ta.org/releases/malware-analysis/public/2009-07-12-public/ARCHIVE/1247423556.chatter; classtype:trojan-activity; sid:2009810; rev:10; metadata:created_at 2010_07_30, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_13;)
Jul 30, 2010, 12:00 PM
Aug 13, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 28, 2025, 8:34 PM
rules/emerging-malware.rules