alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Nebuler/Dialer.qn HTTP Request - Checkin"; flow:established,to_server; http.uri; content:".php?"; content:"c="; content:"&v="; content:"&b="; content:"&id="; content:"&cnt="; fast_pattern; content:"&q="; reference:md5,e9f1f226ff86e72c558e9a9da32c796d; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2; classtype:command-and-control; sid:2007743; rev:11; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_04_21;)