alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; http.method; content:"GET"; nocase; http.user_agent; bsize:95; content:"Mozilla|2f|4|2e|0|20 28|compatible|3b 20|MSIE|20|6|2e|0|3b 20 20|Windows|20|NT|20|5|2e|1|3b 20|SV1|3b 20 2e|NET|20|CLR|20|1|2e|1|2e|4322|3b 20 2e|NET|20|CLR|20|2|2e|0|2e|50727|29|"; fast_pattern; http.accept; content:"|2a 2f 2a|"; http.header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|"; classtype:trojan-activity; sid:2009447; rev:9; metadata:created_at 2010_07_30, malware_family Bancos, signature_severity Major, tag Banking_Trojan, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_10;)