[Snort-sigs] Any new signatures for the other Variants of the Blaster Worm?

Joe Stewart jstewart at ...5...
Wed Aug 13 13:34:33 EDT 2003

On Wednesday 13 August 2003 02:15 pm, Marty.Bostick at ...495... wrote:
> Does anyone have a signature for the new W32.Blaster.B.Worm and
> W32.Randex.E variants that are out?
> Will my existing rules work?

They all use the HD Moore exploit, as does Blaster.a, so if you have a
signature that picks up Blaster.a reliably, you should have no problem.


Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation

More information about the Snort-sigs mailing list