Snort mailing list archives

Re: Virus - Possible scr Worm


From: Always Bishan <bishan4u () yahoo co uk>
Date: Wed, 12 Mar 2003 06:30:06 +0000 (GMT)


hi

What rule triggered the alert? 

Following alert from virus.rules file triggered:

alert tcp any 110 -> any any (msg:"Virus - Possible scr Worm"; content: ".scr"; nocase; sid:729; classtype:misc-activity; rev:3;)


Do you have a packet dump?

MySQL dump viewed through ACID is:

Signature: Virus - Possible scr Worm 
Source: 202.71.129.36:110
Destination: 192.168.0.2:51429  
Protocol: TCP  

And I found a filename scr.scr in the packet payload. This
mail came from someone I don't know, maybe spam.
Can I take any legal action against the sender, if it
was really a virus?

Regards,
Bishan
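
Added example, not part of the original post or of the Snort rule set: a triage helper showing that sid:729 fires on the string ".scr" anywhere in traffic from port 110, and how parsing the MIME structure separates a real .scr attachment from an incidental match. The sample payloads, addresses and function names are constructed, and the code assumes the whole POP3 RETR response has been reassembled into one buffer.

```python
import email
from email import policy

# Constructed POP3 RETR responses (not captured traffic).
ATTACH = (
    b"+OK 300 octets\r\n"
    b"From: unknown@example.com\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"see attached\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="scr.scr"\r\n\r\n'
    b"AAAA\r\n"
    b"--b1--\r\n"
    b".\r\n"
)
BENIGN = (
    b"+OK 120 octets\r\n"
    b"From: friend@example.com\r\n"
    b"Subject: css fix\r\n\r\n"
    b"I renamed the file to layout.screen.css\r\n"
    b".\r\n"
)

def rule_matches(payload: bytes) -> bool:
    # Same test as content:".scr"; nocase; - a substring anywhere in the payload.
    return b".scr" in payload.lower()

def scr_attachments(payload: bytes) -> list:
    # Drop the POP3 "+OK" status line and the lone "." terminator, then parse MIME.
    lines = payload.split(b"\r\n")
    if lines and lines[0].startswith(b"+OK"):
        lines = lines[1:]
    while lines and lines[-1] in (b"", b"."):
        lines.pop()
    msg = email.message_from_bytes(b"\r\n".join(lines), policy=policy.default)
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and n.lower().endswith(".scr")]

def triage(payload: bytes) -> str:
    # Classify an alert: did the rule fire, and was it on a real attachment name?
    if not rule_matches(payload):
        return "no-alert"
    return "scr-attachment" if scr_attachments(payload) else "string-only"
```

Both sample messages trigger the rule, but only the first carries an attachment whose filename ends in .scr; the second matches on ".screen" in the body text.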
