Nmap Development mailing list archives

Re: [PATCH] Rustock backdoor SMTP service detection


From: Fyodor <fyodor () insecure org>
Date: Tue, 24 Apr 2007 17:26:47 -0700

On Thu, Apr 19, 2007 at 02:57:51AM +0000, Brandon Enright wrote:
> Developers,
>
> Attached is a patch against the latest svn nmap-service-probes file adding
> detection for a new variant of Rustock that opens a backdoor SMTP service
> on port 25. This particular variant is rather insidious and isn't yet
> (according to www.virustotal.com) detected by any AV.

Thanks for the sig!  I'm a little worried that this one may give false
positives, as the output looks pretty generic.  But I've checked it in
tentatively.  If other SMTP servers end up matching, we'll have to
throw out this sig and try to find a signature which is more specific
to the Rustock backdoor.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

