alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32.VB.tdq - Fake User-Agent"; flow:established,to_server; http.method; content:"GET"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|MSIE 5.0|3b 20|Windows NT 2.1|3b 20|SV3)|0d0a|"; fast_pattern; startswith; reference:url,vil.nai.com/vil/content/v_187654.htm; reference:url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=187654; classtype:trojan-activity; sid:2009825; rev:10; metadata:created_at 2010_07_30, confidence High, signature_severity Major, updated_at 2020_08_13;)