Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible FortDisco POP3 Site list download"; flow:established,to_server; http.method; content:"GET"; http.user_agent; bsize:10; content:"PrototypeB"; fast_pattern; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; content:!"|0d 0a|Accept|0d 0a|"; reference:md5,538a4cedad8791e27088666a4a6bf9c5; reference:md5,87c21bc9c804cefba6bb4148dbe4c4de; reference:url,www.abuse.ch/?p=5813; classtype:trojan-activity; sid:2017546; rev:5; metadata:created_at 2013_09_30, confidence Medium, signature_severity Major, updated_at 2024_03_05;)