Snort mailing list archives
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset)
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 7 Oct 2013 07:14:18 -0400
Actually, no. This rule came out of our sandbox running binaries.

Sent from my iPhone

On Oct 6, 2013, at 11:41 PM, Jeff Kell <jeff-kell () utc edu> wrote:

> On 10/6/2013 11:37 PM, Joel Esler wrote:
>> On Oct 4, 2013, at 11:37 PM, nicenate () verizon net wrote:
>>> In the case of this rule we just have not seen any current discussion for this rule. We are asking here if anyone knows more about why this rule has been placed back into the VRT snort rule set.
>>
>> Thank you for asking. This wasn't "placed back" into the ruleset, it seems as if we didn't cover this particular piece of the traffic to begin with, so while the references are from 2008, it's still a relevant rule.
>
> Got to cover those test suites :) Useless otherwise, but makes the test suite results look better :)
>
> Jeff
Current thread:
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 04)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) James Lay (Oct 04)
- <Possible follow-ups>
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 04)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 06)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Jeff Kell (Oct 06)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 07)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 06)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) wkitty42 (Oct 05)