Nmap Development mailing list archives
Re: [PATCH] Rustock backdoor SMTP service detection
From: Fyodor <fyodor () insecure org>
Date: Tue, 24 Apr 2007 17:26:47 -0700
On Thu, Apr 19, 2007 at 02:57:51AM +0000, Brandon Enright wrote:
> Developers,
>
> Attached is a patch against the latest svn nmap-service-probes file adding detection for a new variant of Rustock that opens a backdoor SMTP service on port 25. This particular variant is rather insidious and isn't yet (according to www.virustotal.com) detected by any AV.
Thanks for the sig! I'm a little worried that this one may give false positives, as the output looks pretty generic. But I've checked it in tentatively. If other SMTP servers end up matching, we'll have to throw out this sig and try to find a signature which is more specific to the Rustock backdoor.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:
- [PATCH] Rustock backdoor SMTP service detection Brandon Enright (Apr 18)
- Re: [PATCH] Rustock backdoor SMTP service detection Fyodor (Apr 24)