alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Vundo User-Agent Check-in"; flow:established,to_server; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|MSIE 6.0) WinNT 5.1"; fast_pattern; bsize:44; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99; classtype:trojan-activity; sid:2010490; rev:8; metadata:created_at 2010_07_30, confidence High, signature_severity Major, updated_at 2020_08_13;)