alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible TDSS User-Agent CMD"; flow:established,to_server; http.user_agent; content:"|20|(compatible|3b 20|MSIE 1.0|3b 20|Windows NT|3b 20|"; fast_pattern; reference:url,www.kernelmode.info/forum/viewtopic.php?f=16&t=19; reference:url,www.securelist.com/en/analysis/204792180/TDL4_Top_Bot; classtype:trojan-activity; sid:2012322; rev:9; metadata:created_at 2011_02_21, confidence Medium, signature_severity Major, updated_at 2020_08_13;)