alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Unknown Dropper HTTP POST Check-in"; flow:established,to_server; http.method; content:"POST"; http.user_agent; content:"NSIS_InetLoad (Mozilla)"; startswith; http.request_body; content:"spill&a="; fast_pattern; reference:url,www.mywot.com/en/forum/13816-clickjacking-scam-spreading-on-facebook; classtype:trojan-activity; sid:2013189; rev:4; metadata:created_at 2011_07_05, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_22;)