[Snort-sigs] Bug Bear Snort Sig...Not Confirmed

Snortmail snortmail at ...1322...
Tue Feb 25 17:29:22 EST 2003


try this:

alert tcp any any -> any 25 (msg:Bugbear at ...871... virus in SMTP;
content:"uv+LRCQID7dIDFEECggDSLm9df8C/zSNKDBBAAoGA0AEUQ+FEN23f7doqAT/dCQk/
xWcEQmDxCTD";sid:900001; classtype:misc-activity;rev:1;)

I need a confirmation on this but give this a go and let me know what you
find.

----- Original Message -----
From: <snort-sigs-request at lists.sourceforge.net>
To: <snort-sigs at lists.sourceforge.net>
Sent: Tuesday, February 25, 2003 3:06 PM
Subject: Snort-sigs digest, Vol 1 #493 - 1 msg


> Send Snort-sigs mailing list submissions to
> snort-sigs at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> or, via email, send a message with subject or body 'help' to
> snort-sigs-request at lists.sourceforge.net
>
> You can reach the person managing the list at
> snort-sigs-admin at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-sigs digest..."
>
>
> Today's Topics:
>
>    1. bugbear sig (Chris Rowe)
>
> --__--__--
>
> Message: 1
> Date: Tue, 25 Feb 2003 08:21:55 -0500
> From: "Chris Rowe" <rowec at ...1320...>
> To: <snort-sigs at lists.sourceforge.net>
> Subject: [Snort-sigs] bugbear sig
>
> Does anyone have an archived signature of the Bugbear virus? I am doing a
=
> SANS paper on an incident that involved Bugbear and could use that =
> material.
>
> Incidentally, anyone know where I can get a copy of the source code (same
=
> purpose) even if it is steralized?
>
>
>
>
>
>
> --__--__--
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
> End of Snort-sigs Digest





More information about the Snort-sigs mailing list