alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;ET TROJAN W32/DirtJumper DDOS Bot Checkin&quot;; flow:established,to_server; content:&quot;POST&quot;; http_method; content:&quot;HTTP/1.0&quot;; http_header; content:&quot;k=&quot;; http_client_body; depth:2; pcre:&quot;/k\x3D[0-9]{6}/&quot;; classtype:trojan-activity; reference:url,<a href="http://www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html">www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html</a>; reference:url,<a href="http://asert.arbornetworks.com/2011/08/dirt-jumper-caught/">http://asert.arbornetworks.com/2011/08/dirt-jumper-caught/</a>; sid:144991; rev:1;)<br>
<br>For current version. <br>Regards, Kevin<br>