Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE BroBot POST"; flow:established,to_server; threshold: type limit, count 1, seconds 300, track by_src; http.method; content:"POST"; http.user_agent; content:"Mozilla/5.0 Firefox/3.6.12"; fast_pattern; bsize:26; http.request_body; pcre:"/^(?:c(?:omment|_id)|m(?:jdu)?)=/"; classtype:web-application-attack; sid:2016212; rev:6; metadata:created_at 2013_01_16, deprecation_reason Age, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_25, reviewed_at 2024_01_25;)