alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Carberp checkin task"; flow:established,to_server; http.uri; content:"/task.php?id="; fast_pattern; content:"&task="; distance:0; pcre:"/\/task.php\?id=[^&]{32,64}&task=\d/"; reference:md5,1d0d38dd63551a30eda664611ed4958b; reference:url,www.honeynet.org/node/578; reference:md5,07d3fbb124ff39bd5c1045599f719e36; reference:md5,31a4bc4e9a431d91dc0b368f4a76ee85; reference:url,www.trustdefender.com/blog/2010/10/06/carberp-%E2%80%93-a-new-trojan-in-the-making/; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2010-101313-5632-99&tabid=2; reference:md5,6f89b98729483839283d04b82055dc44; reference:url,www.eset.com/threat-center/encyclopedia/threats/win32trojandownloadercarberpb; classtype:command-and-control; sid:2011799; rev:8; metadata:created_at 2010_10_13, signature_severity Major, updated_at 2020_04_21;)