alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Koobface Checkin via POST"; flow:to_server,established; http.method; content:"POST"; http.uri; content:".php"; nocase; http.request_body; content:"f="; content:"&a="; content:"&v="; content:"&c="; content:"&s="; content:"&l="; content:"&ck="; content:"&c_fb="; content:"&c_ms="; content:"&c_hi="; content:"&c_be="; content:"&c_fr="; content:"&c_yb="; reference:url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094; classtype:command-and-control; sid:2009156; rev:12; metadata:created_at 2010_09_28, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_19;)