Snort mailing list archives
Re: Virus - Possible scr Worm
From: Always Bishan <bishan4u () yahoo co uk>
Date: Wed, 12 Mar 2003 06:30:06 +0000 (GMT)
hi
What rule triggered the alert?
Following alert from virus.rules file triggered:

alert tcp any 110 -> any any (msg:"Virus - Possible scr Worm"; content: ".scr"; nocase; sid:729; classtype:misc-activity; rev:3;)
Do you have a packet dump?
MySQL dump viewed through ACID is:

Signature: Virus - Possible scr Worm
Source: 202.71.129.36:110
Destination: 192.168.0.2:51429
Protocol: TCP

I found a filename scr.scr in the packet payload. This mail came from someone I don't know, maybe spam. Can I take any legal action against the sender, if it was really a virus?

Regards,
Bishan
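An added example, not part of the original post: it emulates what sid 729 actually tests (a case-insensitive ".scr" substring anywhere in traffic from port 110) and then triages the alert by parsing the retrieved message for an attachment whose filename ends in .scr. The function names and both POP3 responses are constructed for illustration, and the input is assumed to be a fully reassembled RETR response.

```python
import email
from email import policy

def rule_729_matches(payload: bytes) -> bool:
    """Emulate content:".scr"; nocase; (a case-insensitive substring test)."""
    return b".scr" in payload.lower()

def scr_attachments(pop3_response: bytes) -> list[str]:
    """Return MIME part filenames ending in .scr from a POP3 RETR response."""
    # Drop the "+OK ..." status line and the terminating "." line.
    _, _, body = pop3_response.partition(b"\r\n")
    if body.endswith(b"\r\n.\r\n"):
        body = body[:-3]
    # Undo POP3 byte-stuffing of lines that begin with a dot.
    body = body.replace(b"\r\n..", b"\r\n.")
    msg = email.message_from_bytes(body, policy=policy.default)
    names = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition, then Content-Type name=.
        name = part.get_filename()
        if name and name.lower().endswith(".scr"):
            names.append(name)
    return names

def triage(pop3_response: bytes) -> str:
    """Separate a real .scr attachment from a bare text match."""
    if not rule_729_matches(pop3_response):
        return "no-alert"
    if scr_attachments(pop3_response):
        return "alert: .scr attachment"
    return "alert: text match only"

# Constructed sample: plain-text mail that merely mentions the extension.
BENIGN = (b"+OK 120 octets\r\n"
          b"From: a@example.com\r\nSubject: tip\r\n"
          b"Content-Type: text/plain\r\n\r\n"
          b"Never open .SCR files from strangers.\r\n.\r\n")

# Constructed sample: mail carrying an attachment named scr.scr.
SUSPECT = (b"+OK 400 octets\r\n"
           b"From: b@example.com\r\nSubject: hi\r\nMIME-Version: 1.0\r\n"
           b'Content-Type: multipart/mixed; boundary="B1"\r\n\r\n'
           b"--B1\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
           b"--B1\r\nContent-Type: application/octet-stream\r\n"
           b'Content-Disposition: attachment; filename="scr.scr"\r\n'
           b"Content-Transfer-Encoding: base64\r\n\r\n"
           b"cGxhY2Vob2xkZXI=\r\n--B1--\r\n.\r\n")
```

Both samples trip the rule, but only the second carries an attachment with a .scr filename, which is the distinction to check before treating the alert as a virus.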