[Snort-sigs] Any new signatures for the other Variants of the Blaster Worm?

Joe Stewart jstewart at ...5...
Wed Aug 13 13:34:33 EDT 2003


On Wednesday 13 August 2003 02:15 pm, Marty.Bostick at ...495... wrote:
> Does anyone have a signature for the new W32.Blaster.B.Worm and
> W32.Randex.E variants that are out?
>
> Will my existing rules work?

They all use the HD Moore exploit, as does Blaster.a, so if you have a
signature that picks up Blaster.a reliably, you should have no problem.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/





More information about the Snort-sigs mailing list