Snort mailing list archives
Re: Deloder worm
From: Kevin Pietersma <kev () attcanada net>
Date: Wed, 12 Mar 2003 01:04:05 -0500
Found one through Symantec Security Response site

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deloder.html

alert tcp any any -> any any (msg:"W32.HLLW.Deloder infection"; content: "|59 49 39 E0 C3 1D D3 4D D8 F2 61 73 73 6B 47 69 DA B5 BC 05 3A F0 E4 C7 98 76 CB B4 37 A4 39 4A|";)

kev

At 12:37 PM 3/10/2003 -0800, spyguy wrote:
Is there a snort signature available for the W32/Deloder Worm?
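How the content option of the rule posted above is interpreted, as an added example that is not part of the original message or of Snort itself: it decodes the pipe-delimited hex into the 32 raw bytes and checks constructed buffers for them. The function names and sample payloads are assumptions made for illustration.

```python
import re

# Rule text exactly as posted in the message above.
RULE = ('alert tcp any any -> any any (msg:"W32.HLLW.Deloder infection"; '
        'content: "|59 49 39 E0 C3 1D D3 4D D8 F2 61 73 73 6B 47 69 DA B5 BC 05 '
        '3A F0 E4 C7 98 76 CB B4 37 A4 39 4A|";)')


def content_patterns(rule):
    """Decode every content option of a rule into the raw bytes it matches.

    Simplification: escaped quotes and negated (!) contents are not handled.
    """
    patterns = []
    for value in re.findall(r'\bcontent:\s*"([^"]*)"', rule):
        raw = bytearray()
        # Pipes toggle between literal text and space-separated hex bytes.
        for i, part in enumerate(value.split("|")):
            raw += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
        patterns.append(bytes(raw))
    return patterns


def rule_matches(rule, payload):
    """True when every content pattern occurs somewhere in the payload."""
    patterns = content_patterns(rule)
    return bool(patterns) and all(p in payload for p in patterns)


def scan(rule, payloads):
    """Return the names of the payloads the rule would alert on."""
    return [name for name, data in payloads.items() if rule_matches(rule, data)]


if __name__ == "__main__":
    sig = content_patterns(RULE)[0]
    # Constructed sample payloads (not captured traffic).
    samples = {
        "padded": b"\x00" * 16 + sig + b"trailing data",
        "truncated": sig[:-1],
        "unrelated": b"GET / HTTP/1.0\r\n\r\n",
    }
    print(len(sig), "byte pattern; alerts on:", scan(RULE, samples))
```

Because the rule is written as any any -> any any with no offset or depth, the byte search applies to every TCP payload at any position, which is what the substring test here mirrors.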