Snort mailing list archives

Re: gamarue infection


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 7 Dec 2012 09:24:34 -0500

On Fri, Dec 07, 2012 at 11:35:55AM +0000, Aisling Brennan wrote:
> Hi,
>
> Is there a rule for W32 gamarue infection?


That's a very open question; there are many variants of the "gamarue" trojan, and not all of them act the same.  Yes, we have coverage for some variants of it.

Is there a particular sample you want us to cover with Snort?  Most of them are covered with ClamAV.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire 

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

