We are seeing plenty of bandwidth go down the drain due to near continuous hits from the Twiceler bot. But so far my attempt at putting up a mod_security rule for this does not work.

Here's the kind of thing I am seeing in the Apache logs:
38.99.13.118 - - [22/Jun/2009:00:28:08 -0500] "GET /merapanna?m=20090518&lang=ja HTTP/1.0" 404 - "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuil.com/twiceler/robot.html)"

... and here's my rule:
SecRule REQUEST_HEADERS:User-Agent "Twiceler"

Can anyone suggest an improvement here?

Thanks very much in advance.