Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Zeus GameOver Connectivity Check"; flow:established,to_server; urilen:1; http.user_agent; content:"|3b 20|MSIE|20|"; fast_pattern; http.host; content:"www.google.com"; depth:14; endswith; http.accept; content:"*/*"; http.connection; content:"close"; nocase; http.header_names; content:"|0d 0a|Accept|0d 0a|Accept-Language|0d 0a|User-Agent|0d 0a|Host|0d 0a|Connection|0d 0a 0d 0a|"; depth:59; endswith; classtype:trojan-activity; sid:2018242; rev:8; metadata:created_at 2014_03_10, deprecation_reason Performance, performance_impact Significant, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_08;)