Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Deloder worm

From: Kevin Pietersma <kev () attcanada net>
Date: Wed, 12 Mar 2003 01:04:05 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Found one through Symantec Security Response site
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.delod
er.html

alert tcp any any -> any any (msg:"W32.HLLW.Deloder infection";
content: 
"|59 49 39 E0 C3 1D D3 4D D8 F2 61 73 73 6B 47 69 DA B5 BC 05 3A F0
E4 C7 
98 76 CB B4 37 A4 39 4A|";)

kev


At 12:37 PM 3/10/2003 -0800, spyguy wrote:

  Is there a snort signature available for the W32/Deloder Worm?



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA/AwUBPm7N37C/ivVY14GaEQLAUwCcDbEKRe8Se16Zz5B0Iulp8VSMX4QAoP6b
0hNr4WDsWOpZaxjW4CZU09LL
=alpw
-----END PGP SIGNATURE-----




-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: