alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Banload HTTP Checkin Detected (quem=)"; flow:established,to_server; http.uri; content:".php"; nocase; http.user_agent; content:"Mozilla/3.0 (compatible|3b| Indy Library)"; startswith; http.request_body; content:"quem="; startswith; content:"praquem="; fast_pattern; distance:0; nocase; classtype:command-and-control; sid:2008283; rev:11; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_09;)