Win.Ransomware.Urausy False Positive

1. Win.Ransomware.Urausy False Positive
2. Reported by neonprimetime security
3. http://neonprimetime.blogspot.com
4.  
5. *****
6. This appears like a tracking pixel, not Ransomware. The Snort rule seems pretty vague to me with just a long url, and html file, a generic user agent, no cookie, etc.
7.  
8. *****
9.  
10. MALWARE-CNC Win.Ransomware.Urausy outbound connection (1:27708)
11. alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Ransomware.Urausy outbound connection"; flow:to_server,established; urilen:>145,norm; content:".html"; http_uri; content:"User-Agent|3A| Mozilla/5.0 |28|compatible|3B| MSIE 9.0|3B| Windows NT 6.1|3B| Trident/5.0"; fast_pattern:only; http_header; content:!"Cookie:"; http_header; content:!"X-BlueCoat-Via:"; http_header; content:!"Referer"; http_header; pcre:"/\x2f[a-z-_]{80,}\x2ehtml$/U"; metadata:impact_flag red, ruleset community, service http; reference:url,www.virustotal.com/en/file/f53a483befed8d1494827a3f2444cfe638d3f7e595d72b722eab92d1aca9ede3/analysis/1376847283/; classtype:trojan-activity; sid:27708; rev:7; )
12.  
13. *****
14.  
15. GET http://metrics.brightcove.com/tracker?event=player_load&account=78144477&player=3884567576001&platform=as3&player_name=Full%20Bleed%20Player&source=http%3A%2F%2Fwww.slate.com%2Farticles%2Fnews_and_politics%2Fjurisprudence%2F2015%2F03%2F_blurred_lines_verdict_is_wrong_williams_and_thicke_did_not_infringe_on.html&mem=16604&flash_version=WIN%2014%2C0%2C0%2C145&time=1426262064771&domain=videocloud&embed=http%3A%2F%2Fwww.slate.com%2Fblogs%2Fthe_eye%2F2015%2F03%2F13%2Fmonument_valley_game_design_studio_ustwo_redesigned_the_car_dashboard_instrument.html HTTP/1.1
16. Accept: */*
17. Accept-Language: en-US
18. x-flash-version: 14,0,0,145
19. Accept-Encoding: gzip, deflate
20. User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
21. Host: metrics.brightcove.com
22. Proxy-Connection: Keep-Alive