Versions (4)
Version DetailsCurrent
Rev: 6 • Jan 10, 2012, 12:00 PMET MALWARE Zeus Bot GET to Google checking Internet connectivity using proxy
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Zeus Bot GET to Google checking Internet connectivity using proxy"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/webhp"; fast_pattern; http.header; content:"Accept|3a 20|*/*|0d 0a|Pragma|3a 20|no-cache|0d 0a|User-Agent|3a 20|"; startswith; content:"|0d 0a|Host|3a 20|"; distance:0; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:command-and-control; sid:2014105; rev:6; metadata:created_at 2012_01_10, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_04;)
Jan 10, 2012, 12:00 PM
Mar 4, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 8, 2025, 9:38 PM
rules/emerging-malware.rules