alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Common Upatre Header Structure 2"; flow:established,to_server; http.method; content:"GET"; http.user_agent; content:!"Taitus"; content:!"Sling/"; content:!"Updexer/"; content:!"Lightworks"; http.host; content:!"sophosupd.com"; content:!"sophosupd.net"; http.accept; content:"text/*,|20|application/*"; endswith; fast_pattern; http.header_names; content:"|0d 0a|Accept|0d 0a|User-Agent|0d 0a|Host"; depth:26; classtype:trojan-activity; sid:2018635; rev:16; metadata:created_at 2014_07_03, deprecation_reason Relevance, signature_severity Major, updated_at 2024_03_07, reviewed_at 2024_03_07;)