Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign"; flow:established,to_client; http.header; content:"Expires|3A 20|Tue, 08 Jan 1935 00|3A|00|3A|00 GMT"; fast_pattern; classtype:trojan-activity; sid:2024229; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_04_20, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, updated_at 2020_08_05;)