alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Vflooder.C Connectivity Check"; flow:established,to_server; urilen:1; http.method; content:"GET"; http.host; content:"google.com"; fast_pattern; depth:10; endswith; http.header_names; content:"|0d 0a|Accept|0d 0a|User-Agent|0d 0a|Host|0d 0a|Connection|0d 0a|"; content:!"Accept-Encoding"; content:!"Referer"; classtype:trojan-activity; sid:2021337; rev:5; metadata:created_at 2015_06_24, malware_family Win32_Vflooder_C, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_14;)