Versions (4)
Version DetailsCurrent
Rev: 5 • Aug 30, 2011, 12:00 PMET MALWARE Zeus Bot GET to Bing checking Internet connectivity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Zeus Bot GET to Bing checking Internet connectivity"; flow:established,to_server; http.header; content:"|3a 20|no-cache"; http.host; content:"www.bing.com"; depth:12; endswith; http.start; content:"GET / HTTP/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|Connection|3a 20|Close|0d 0a|User-Agent|3a 20|"; depth:60; http.header_names; content:!"Referer"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:command-and-control; sid:2013488; rev:5; metadata:created_at 2011_08_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_28;)
Aug 30, 2011, 12:00 PM
Oct 28, 2020, 12:00 PM
Aug 30, 2011, 12:00 PM
Oct 15, 2025, 9:35 PM
rules/emerging-malware.rules