alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Injector.MUD Variant Reporting"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/total_visitas.php"; fast_pattern; http.start; content:".php HTTP/1.1|0d 0a|Host|3a 20|"; http.header_names; content:!"User-Agent|0d 0a|"; reference:url,microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Dynamer!dtc; reference:md5,989ba48e0a9e39b4b6fc5c6bf400c41b; classtype:trojan-activity; sid:2014113; rev:6; metadata:created_at 2012_01_11, malware_family Win32_Injector_MUD, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_28;)