Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Vundo.Downloader Reporting User Website Session Information"; flow:established,to_server; http.uri; content:"/js.php?ran="; fast_pattern; content:"&t="; content:"&u="; http.accept_lang; content:"ru-RU"; nocase; startswith; reference:url,www.lavasoft.com/mylavasoft/malware-descriptions/blog/trojandownloaderwin32vundojd; classtype:trojan-activity; sid:2016417; rev:3; metadata:created_at 2013_02_16, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_23;)