Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Alureon Checkin"; flow:established,to_server; http.method; content:"POST"; http.header_names; content:!"User-Agent|0d 0a|"; content:!"Referer|0d 0a|"; http.request_body; content:"winver="; depth:7; content:"&ver="; distance:0; pcre:"/^winver=\d+&ver=\d+$/"; reference:md5,2155b7942ddc6d7a82e7d96a8c594501; classtype:command-and-control; sid:2019717; rev:4; metadata:created_at 2014_11_18, deprecation_reason Relevance, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_21, reviewed_at 2024_03_21;)