Rule History

SID: 2013348 • Source: et/open

Versions (4)

Version Details (Current)

Rev: 9 • Aug 4, 2011, 12:00 PM

ET MALWARE Zeus Bot Request to CnC 2

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Zeus Bot Request to CnC 2"; flow:established,to_server; http.method; content:"GET"; nocase; http.header; content:"Accept|3a 20 2a 2f 2a 0d 0a|If|2d|None|2d|Match|3a 20|"; startswith; fast_pattern; content:"|0d 0a|Cache|2d|Control|3a 20|no|2d|cache|0d 0a|User|2d|Agent|3a 20|Mozilla"; distance:0; content:"|0d 0a|Connection|3a 20|Close|0d 0a|"; endswith; classtype:command-and-control; sid:2013348; rev:9; metadata:created_at 2011_08_04, confidence Medium, signature_severity Major, updated_at 2024_02_16;)

Aug 4, 2011, 12:00 PM

Feb 16, 2024, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-malware.rules