alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WindowsEnterpriseSuite FakeAV check-in GET"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/Reports/install-report.php"; content:"abbr="; http.user_agent; content:"TALWinInetHTTPClient"; reference:md5,d9bcb4e4d650a6ed4402fab8f9ef1387; classtype:trojan-activity; sid:2010241; rev:8; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_04_27;)