alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Comfoo Outbound Communication"; flow:established,to_server; http.header; content:"Accept-Language|3a 20|en-en|0d 0a|"; http.user_agent; content:"|3b|Windows|20|"; nocase; reference:url,www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/; classtype:trojan-activity; sid:2009125; rev:16; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)