Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MSUpdater POST checkin to CnC"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/microsoft/errorpost/default.aspx?ID="; reference:url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html; reference:url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html; classtype:command-and-control; sid:2014212; rev:4; metadata:created_at 2012_02_07, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_21;)