alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Vundo.dam http Update"; flow:established,to_server; http.uri; content:"/cgi-bin/heartbeat.php"; fast_pattern; nocase; content:"uid="; nocase; content:"&affiliate_id="; nocase; content:"&db=1"; nocase; content:"&version="; nocase; classtype:trojan-activity; sid:2007573; rev:5; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2024_03_10;)