alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin"; flow:to_server,established; content:"POST"; http_method; content:"magic="; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; content:"&ox="; http_uri; content:!"Mozilla"; http_user_agent; reference:md5,29457bd7a95e11bfd0e614a6e237a344; reference:md5,173a060ed791e620c2ec84d7b360ed60; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o; classtype:command-and-control; sid:2008523; rev:8; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2019_07_26;)