alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Zusy Gettime Checkin"; flow:established,to_server; http.uri; content:"/gettime.html?"; fast_pattern; http.protocol; content:"HTTP/1.0"; http.header_names; content:"|0d 0a|If-None-Match|0d 0a|"; reference:md5,a152772516cef409ddd58f90917a3b44; classtype:command-and-control; sid:2015022; rev:3; metadata:created_at 2012_07_04, signature_severity Major, updated_at 2024_02_19;)