Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Small.gen!AQ Communication with Controller"; flow:established,to_server; http.uri; content:"?uid="; nocase; fast_pattern; content:"&action="; nocase; content:"&v="; nocase; content:"&b="; nocase; pcre:"/\?uid=[0-9a-f]{40}&action=\w+&v=[\w.]+&b=\d+$/"; reference:md5,eb3140416c06fa8cb7851076dd100dfb; reference:url,perpetualhorizon.blogspot.com/2010/08/shot-in-dark-analysis-of-failed-malware.html; reference:md5,8033dffa899dcd16769f389073f9f053; classtype:trojan-activity; sid:2011414; rev:6; metadata:created_at 2010_09_28, malware_family Win32_Small_gen_AQ, signature_severity Major, updated_at 2024_05_29;)